Ta542

Threat Actor Profile Updated 2 months ago
Download STIX
Preview STIX
TA542, also known as Mealybug or Mummy Spider, is a notable threat actor in the cybersecurity landscape that operates the Emotet malware family. Active since 2014, this group has evolved the initial banking Trojan into a sophisticated and profitable malware delivery vehicle. The group's operations are characterized by an undulating cadence, with periods of dormancy followed by resurgence. Emotet continues to pose a potent and resilient threat despite law enforcement attempts to neutralize it. In November 2022, researchers discovered the Lite IcedID variant following TA542 Emotet infections. This variant was observed as a payload from Emotet, which also serves as a botnet and a malware delivery platform. However, researchers could not definitively attribute the Lite variant to TA542 due to the limited visibility of follow-on infections. Despite this uncertainty, Emotet's association with the Lite IcedID variant highlights its role as a significant cyber threat. The operations of TA542 are intricately connected with the numerical beacon 193.37.254.27, further demonstrating the extensive reach of this threat actor. In addition to their own activities, TA542 and other threat groups began using LNK files to deliver the notorious Emotet malware, although this method's popularity has recently declined in favor of other techniques. As the operator of Emotet, TA542 remains one of the top cyber threats, highlighting the need for ongoing vigilance and robust cybersecurity measures.
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Emotet
4
Emotet is a highly dangerous and insidious malware that has resurfaced with increased activity this summer. Originally distributed via email attachments, it infiltrates systems often without the user's knowledge, forming botnets under the control of criminals for large-scale attacks. Once infected,
Mealybug
2
Mealybug, a cybercrime group also known as TA542, has been operating the Emotet malware family since 2014. In recent years, Mealybug has significantly enhanced its malicious activities by updating the Emotet malware to a 64-bit architecture and implementing multiple new obfuscations to protect their
Emotet Gang
1
None
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Malware
Cybercrime
Payload
Beacon
Trojan
Proofpoint
Botnet
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
IcedIDUnspecified
2
IcedID is a type of malware, or malicious software, designed to exploit and harm computer systems. It can infiltrate systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, IcedID can steal personal information, disrupt operations, or even hold dat
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Ta542 Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
ESET
a year ago
What’s up with Emotet? | WeLiveSecurity
Yori
10 months ago
How an APT technique turns to be a public Red Team Project - Yoroi
DARKReading
a year ago
Emotet Resurfaces Yet Again After 3-Month Hiatus
CERT-EU
a year ago
No more macros? No problem, say attackers, we'll adapt
CERT-EU
a year ago
IcedID: A New Era with ‘Lite and Fork’ Malware | IT Security News
CERT-EU
a year ago
Research follows comeback of infamous botnet Emotet
CSO Online
a year ago
Researchers warn of two new variants of potent IcedID malware loader
CERT-EU
a year ago
Emotet Rises Again: Evades Macro Security via OneNote Attachments