TA575 (Threat Actor)

SYMBOL	COMMON_NAME	aka. SYNONYMS

TA575 (Back to overview)

TA575 is a Dridex affiliate tracked by Proofpoint since late 2020. This group distributes malware such as Dridex, Qakbot, and WastedLocker via malicious URLs, Office attachments, and password-protected files. On average, TA575 distributes almost 4,000 messages per campaign impacting hundreds of organizations.

Associated Families

There are currently no families associated with this actor.

References

2021-10-28 ⋅ Proofpoint ⋅ Axel F, Selena Larson
TA575 Uses ‘Squid Game’ Lures to Distribute Dridex malware
DoppelDridex TA575

2021-08-19 ⋅ Blackberry ⋅ BlackBerry Research & Intelligence Team
BlackBerry Prevents: Threat Actor Group TA575 and Dridex Malware
Cobalt Strike Dridex TA575

2021-06-16 ⋅ Proofpoint ⋅ Daniel Blackford, Garrett M. Graff, Selena Larson
The First Step: Initial Access Leads to Ransomware
BazarBackdoor Egregor IcedID Maze QakBot REvil Ryuk TrickBot WastedLocker TA570 TA575 TA577

Credits: MISP Project