Skip to content

Hide Navigation Hide TOC

TA866 (a3c22f46-5135-4b39-a33f-92906ac12c31)

According to Proofpoint, TA866 is a newly identified threat actor that distributes malware via email utilizing both commodity and custom tools. While most of the activity observed occurred since October 2022, Proofpoint researchers identified multiple activity clusters since 2019 that overlap with TA866 activity. Most of the activity recently observed by Proofpoint suggests recent campaigns are financially motivated, however assessment of historic related activities suggests a possible, additional espionage objective.

Cluster A Galaxy A Cluster B Galaxy B Level
TA866 (a3c22f46-5135-4b39-a33f-92906ac12c31) Threat Actor Rhadamanthys (9eb2a417-2bb6-496c-816b-bccb3f3074f6) Stealer 1
TA866 (a3c22f46-5135-4b39-a33f-92906ac12c31) Threat Actor WasabiSeed (f3b7e302-152b-4c4e-85c2-82733b78d13f) Tool 1
TA866 (a3c22f46-5135-4b39-a33f-92906ac12c31) Threat Actor Screenshotter (49ca568f-b6e4-49ff-963e-796f8207d185) Tool 1
404 TDS (7b956ff0-9021-499c-82a4-24b958cb32d9) TDS TA866 (a3c22f46-5135-4b39-a33f-92906ac12c31) Threat Actor 1
TA866 (a3c22f46-5135-4b39-a33f-92906ac12c31) Threat Actor AHK Bot (5c7fa5e1-352a-41c3-8e55-744e5fa88793) Tool 1
SunSeed (54c03b3c-6f97-46ea-a93f-f07bfd5cdd36) Tool WasabiSeed (f3b7e302-152b-4c4e-85c2-82733b78d13f) Tool 2
SunSeed (54c03b3c-6f97-46ea-a93f-f07bfd5cdd36) Tool SunSeed (a89f7e01-b049-4d09-aca3-ce19d91c4544) Malpedia 3