TA554 is a threat actor, also known as TH-163. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does TA554 exploit?

Specific CVE exploitation data for TA554 is being tracked. Check the Strobes VI threat actor profile for updates.

TA554

Also known as: TH-163

Exploited CVEs

Overview

Since May 2018, Proofpoint researchers have observed email campaigns using a new downloader called sLoad. sLoad is a PowerShell downloader that most frequently delivers Ramnit banker and includes noteworthy reconnaissance features. The malware gathers information about the infected system including a list of running processes, the presence of Outlook, and the presence of Citrix-related files. sLoad can also take screenshots and check the DNS cache for specific domains (e.g., targeted banks), as well as load external binaries. While initial versions of sLoad appeared in May 2018, we began tracking the campaigns from this actor (internally named TA554) since at least the beginning of 2017.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database