TA544

- NARWHAL SPIDER - Hastur

References:

Threat Actor Profile: TA544 targets geographies from Italy to Japan with a range of malware - 2019-07-11 - Proofpoint - Proofpoint Staff TA544 Nymaim Gozi ISFB URLZone

More Reading:

Sandiflux: Another Fast Flux infrastructure used in malware distribution emerges - 2018-03-30 - Proofpoint - Kafeine TA547 GandCrab TA544 TA505

Cutwail Spam Campaign Uses Steganography to Distribute URLZone - 2018-10-25 - CrowdStrike - Brett Stone-Gross - Bex Hartley TA544 URLZone

1/24のばらまきメールに添付されている難読化+ステガノを用いたマルウェアを調査してみた（マクロ） - 2019-01-26 - Sugitamuchi - Sugita Muchi TA544 URLZone

New Ursnif Variant Targets Japan Packed with New Features - 2019-03-12 - Cybereason - Assaf Dahan TA544 URLZone Gozi v3

URLZone top malware in Japan, while Emotet and LINE Phishing round out the landscape - 2019-06-19 - Proofpoint - Proofpoint Staff TA544 URLZone Gozi v3 Vawtrak TA505 FlawedAmmyy

BrushaLoader still sweeping up victims one year later - 2019-07-22 - Proofpoint - Kafeine - Proofpoint Staff BrushaLoader Danabot Gootkit TA544

Brushaloader gaining new layers like a pro - 2019-11-19 - CertPL - Michał Praszmo BrushaLoader TA544