Ta542

Threat Actor updated 4 months ago (2024-05-04T19:26:12.541Z)

Download STIX

Preview STIX

TA542, also known as Mealybug or Mummy Spider, is a notable threat actor in the cybersecurity landscape that operates the Emotet malware family. Active since 2014, this group has evolved the initial banking Trojan into a sophisticated and profitable malware delivery vehicle. The group's operations are characterized by an undulating cadence, with periods of dormancy followed by resurgence. Emotet continues to pose a potent and resilient threat despite law enforcement attempts to neutralize it. In November 2022, researchers discovered the Lite IcedID variant following TA542 Emotet infections. This variant was observed as a payload from Emotet, which also serves as a botnet and a malware delivery platform. However, researchers could not definitively attribute the Lite variant to TA542 due to the limited visibility of follow-on infections. Despite this uncertainty, Emotet's association with the Lite IcedID variant highlights its role as a significant cyber threat. The operations of TA542 are intricately connected with the numerical beacon 193.37.254.27, further demonstrating the extensive reach of this threat actor. In addition to their own activities, TA542 and other threat groups began using LNK files to deliver the notorious Emotet malware, although this method's popularity has recently declined in favor of other techniques. As the operator of Emotet, TA542 remains one of the top cyber threats, highlighting the need for ongoing vigilance and robust cybersecurity measures.

Description last updated: 2024-05-04T18:16:57.350Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.

ID	Votes	Profile Description
Emotet	4	Emotet is a highly dangerous and insidious type of malware that has been active, particularly during recent summers. It is distributed primarily through documents attached to emails, using conversations found in compromised accounts. Once an unsuspecting user clicks either the enable button or an im
Mealybug	2	Mealybug, a cybercrime group also known as TA542, has been operating the Emotet malware family since 2014. In recent years, Mealybug has significantly enhanced its malicious activities by updating the Emotet malware to a 64-bit architecture and implementing multiple new obfuscations to protect their

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Cybercrime

Payload

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

ID	Type	Votes	Profile Description
IcedID	Unspecified	2	IcedID is a malicious software (malware) that has been linked to various cybercrime operations. The malware can infiltrate systems via suspicious downloads, emails, or websites and proceed to steal personal information, disrupt operations, or hold data for ransom. IcedID has been associated with oth

Source Document References

Information about the Ta542 Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
ESET	a year ago	What’s up with Emotet? \| WeLiveSecurity
Yori	a year ago	How an APT technique turns to be a public Red Team Project - Yoroi
DARKReading	a year ago	Emotet Resurfaces Yet Again After 3-Month Hiatus
CERT-EU	a year ago	No more macros? No problem, say attackers, we'll adapt
CERT-EU	a year ago	IcedID: A New Era with ‘Lite and Fork’ Malware \| IT Security News
CERT-EU	a year ago	Research follows comeback of infamous botnet Emotet
CSO Online	a year ago	Researchers warn of two new variants of potent IcedID malware loader
CERT-EU	a year ago	Emotet Rises Again: Evades Macro Security via OneNote Attachments