Description
[TA551](https://attack.mitre.org/groups/G0127) is a financially motivated threat group that has been active since at least 2018. (Citation: Secureworks GOLD CABIN) The group has primarily targeted English, German, Italian, and Japanese speakers through email-based malware distribution campaigns. (Citation: Unit 42 TA551 Jan 2021)
Techniques Used (TTPs)
- T1218.010 — Regsvr32 (defense-evasion)
- T1589.002 — Email Addresses (reconnaissance)
- T1204.002 — Malicious File (execution)
- T1218.011 — Rundll32 (defense-evasion)
- T1027.003 — Steganography (defense-evasion)
- T1566.001 — Spearphishing Attachment (initial-access)
- T1132.001 — Standard Encoding (command-and-control)
- T1568.002 — Domain Generation Algorithms (command-and-control)
- T1027.010 — Command Obfuscation (defense-evasion)
- T1071.001 — Web Protocols (command-and-control)
- T1105 — Ingress Tool Transfer (command-and-control)
- T1218.005 — Mshta (defense-evasion)
- T1059.003 — Windows Command Shell (execution)
- T1036 — Masquerading (defense-evasion)
Total TTPs: 14