Clankerusecase
Threat-actor profile
 ← Back to main site
Home/ Threat Actors/ TA578

🌐TA578

🌐 TA578 is a tracked threat actor in the Clankerusecase corpus. ??-aligned. Primary motivation: Unknown. We map 14 detection use cases to this actor across 4 MITRE ATT&CK techniques, with 0 threat-intel articles citing them.

View full actor card → All threat actors MITRE ATT&CK group spec (G1038) ↗
14Use cases
0Articles
4Techniques
0IOCs

About this actor (MITRE)

[TA578](https://attack.mitre.org/groups/G1038) is a threat actor that has used contact forms and email to initiate communications with victims and to distribute malware including [Latrodectus](https://attack.mitre.org/software/S1160), [IcedID](https://attack.mitre.org/software/S0483), and [Bumblebee](https://attack.mitre.org/software/S1039).(Citation: Latrodectus APR 2024)(Citation: Bitsight Latrodectus June 2024)

Known aliases

TA578

Top techniques

T1059.007 · JavaScriptT1204.001 · Malicious LinkT1583.006 · Web Services

All other tracked techniques

T1594 · Search Victim-Owned Websites

Detection use cases (14)

TA578 Latrodectus/IcedID/Bumblebee loader: msiexec remote-URL install chained to rundll32 export-name DLL load AI · profile S TA578 contact-form / DMCA-lure JS dropper: browser-spawned wscript executing JS from user-download paths AI · profile SΣ Brand-Impersonation Domain Fetch Followed by User-Context Loader Within 10 Minutes MITRE match Low-Code / AI Workflow Runtime Sandbox-Escape — Server Process Spawns Shell + Public Egress MITRE match npm/yarn/pnpm Install-Hook Spawn → Credential-Store Read or Worm-Payload Drop in node_modules MITRE match Package Manager Install Hook Spawns Scripting Interpreter Then Touches Credential Files or Egresses Off-Registry MITRE match Package-manager child process credential fan-out with public egress (Mini Shai-Hulud / TeamPCP worm chain) MITRE match Package-manager install hook spawns interpreter that beacons to non-registry host within 120s MITRE match Server / AI-agent process spawns shell or LOLBIN with public egress — post-RCE behavioural chain MITRE match Click on URL whose host doesn't match the sender domain MITRE match Phishing-link click correlated to endpoint execution MITRE match User clicked through a Safe Links warning page MITRE match Cisco Secure Firewall - Rare Snort Rule Triggered MITRE match Windows ISO LNK File Creation MITRE match