TA2536, which has been active since at least 2015, is likely Nigerian, based on its unique linguistic style, tactics and tools. It uses keyloggers such as HawkEye, and it shows distinctive stylometric features: typo-squatted domains that resemble legitimate names, and recurring names and substrings in email addresses.
There are currently no families associated with this actor.
2022-01-24 ⋅ Proofpoint ⋅ DTPacker – a .NET Packer with a Curious Password (tags: Agent Tesla, TA2536)