Skip to content

Hide Navigation Hide TOC

TA505 (03c80674-35f8-4fe0-be2b-226ed0fcd69f)

TA505, the name given by Proofpoint, has been in the cybercrime business for at least four years. This is the group behind the infamous Dridex banking trojan and Locky ransomware, delivered through malicious email campaigns via Necurs botnet. Other malware associated with TA505 include Philadelphia and GlobeImposter ransomware families.

Cluster A Galaxy A Cluster B Galaxy B Level
TA505 (03c80674-35f8-4fe0-be2b-226ed0fcd69f) Threat Actor Spandex Tempest (c85120d0-c397-5d30-9d57-3b019090acd5) Microsoft Activity Group actor 1
TA505 (03c80674-35f8-4fe0-be2b-226ed0fcd69f) Threat Actor Lace Tempest (b27dcdee-14b1-5842-86b3-32eacec94584) Microsoft Activity Group actor 1
Lace Tempest (b27dcdee-14b1-5842-86b3-32eacec94584) Microsoft Activity Group actor FIN11 (c01aadc6-1087-4e8e-8d5c-a27eba409fe3) Threat Actor 2