Description
[TA577](https://attack.mitre.org/groups/G1037) is an initial access broker (IAB) that has distributed [QakBot](https://attack.mitre.org/software/S0650) and [Pikabot](https://attack.mitre.org/software/S1145), and was among the first observed groups distributing [Latrodectus](https://attack.mitre.org/software/S1160) in 2023. (Citation: Latrodectus APR 2024)
Techniques Used (TTPs)
- T1059.007 — JavaScript (execution)
- T1059.003 — Windows Command Shell (execution)
- T1027.009 — Embedded Payloads (defense-evasion)
- T1586.002 — Email Accounts (resource-development)
- T1204.001 — Malicious Link (execution)
- T1566.002 — Spearphishing Link (initial-access)
Total TTPs: 6
Malware & Tools
Malware: Latrodectus, Pikabot, QakBot