TA505

- MONTY SPIDER

References:
  • Threat Actor Profile: TA505, From Dridex to GlobeImposter - 2017-09-27 - Proofpoint - Proofpoint Staff TA505 Dridex Trickbot Shifu
  • An in-depth malware analysis of QuantLoader - 2018-03-28 - Malwarebytes - Vishal Thakur Quant TA505 FlawedAmmyy

More Reading:
  • Dridex Actors Get In the Ransomware Game With "Locky" - 2016-02-16 - Proofpoint - Proofpoint Staff Locky Neutrino TA505
  • Locky distributor uses newly released quant loader sold on Russian underground - 2016-09-14 - Forcepoint - Nicholas Griffin Quant Locky TA505
  • Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day - 2017-04-10 - Proofpoint - Proofpoint Staff CVE-2017-0199 Dridex TA505
  • Leaked Ammyy Admin Source Code Turned into Malware - 2018-03-07 - Proofpoint - Proofpoint Staff FlawedAmmyy TA505 Quant
  • Drive-by as a service: BlackTDS - 2018-03-13 - Proofpoint - Kafeine BlackTDS bbsindex TA505
  • TA505 Abusing SettingContent-ms within PDF files to Distribute FlawedAmmyy RAT - 2018-07-19 - Proofpoint - Proofpoint Staff FlawedAmmyy TA505
  • ServHelper and FlawedGrace - New malware introduced by TA505 - 2019-01-09 - Proofpoint - Dennis Schwarz - Proofpoint Staff ServHelper FlawedGrace TA505
  • URLZone top malware in Japan, while Emotet and LINE Phishing round out the landscape - 2019-06-19 - Proofpoint - Proofpoint Staff TA544 URLZone Gozi v3 Vawtrak TA505 FlawedAmmyy
  • Anomaly detection helped us uncover a new campaign that employs a complex infection chain to download and run the notorious FlawedAmmyy RAT directly in memory. - 2019-06-21 - Twitter - Microsoft Security Intelligence FlawedAmmyy TA505
  • TA505 begins summer campaigns with a new pet malware downloader, AndroMut, in the UAE, South Korea, Singapore, and the United States - 2019-07-02 - Proofpoint - Matthew Mesa - Dennis Schwarz - Proofpoint Staff AndroMut FlawedAmmyy TA505
  • Sandiflux Botnet Report - June 2019 - 2019-07-02 - Slideshare - Salvatore Saeli TA505 FlawedAmmyy GandCrab Sodinokibi
  • (PDF - Technical Brief) Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi - 2019-07-04 - Trend Micro - Hara Hiroaki - Loseway Lu AndroMut TA505
  • Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi - 2019-07-04 - Trend Micro - Hara Hiroaki - Loseway Lu TA505
  • Targeted TrickBot activity drops 'PowerBrace' backdoor - 2019-07-11 - NTT Security - NTT Security Trickbot PowerBrace TA505