TA866 (a3c22f46-5135-4b39-a33f-92906ac12c31)

According to Proofpoint, TA866 is a newly identified threat actor that distributes malware via email, utilizing both commodity and custom tools. While most of the activity observed occurred since October 2022, Proofpoint researchers identified multiple activity clusters since 2019 that overlap with TA866 activity. Most of the activity recently observed by Proofpoint suggests recent campaigns are financially motivated; however, assessment of historic related activities suggests a possible additional espionage objective.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| WasabiSeed (f3b7e302-152b-4c4e-85c2-82733b78d13f) | Tool | TA866 (a3c22f46-5135-4b39-a33f-92906ac12c31) | Threat Actor | 1 |
| Rhadamanthys (9eb2a417-2bb6-496c-816b-bccb3f3074f6) | Stealer | TA866 (a3c22f46-5135-4b39-a33f-92906ac12c31) | Threat Actor | 1 |
| Screenshotter (49ca568f-b6e4-49ff-963e-796f8207d185) | Tool | TA866 (a3c22f46-5135-4b39-a33f-92906ac12c31) | Threat Actor | 1 |
| AHK Bot (5c7fa5e1-352a-41c3-8e55-744e5fa88793) | Tool | TA866 (a3c22f46-5135-4b39-a33f-92906ac12c31) | Threat Actor | 1 |
| TA866 (a3c22f46-5135-4b39-a33f-92906ac12c31) | Threat Actor | 404 TDS (7b956ff0-9021-499c-82a4-24b958cb32d9) | TDS | 1 |
| WasabiSeed (f3b7e302-152b-4c4e-85c2-82733b78d13f) | Tool | SunSeed (54c03b3c-6f97-46ea-a93f-f07bfd5cdd36) | Tool | 2 |
| SunSeed (a89f7e01-b049-4d09-aca3-ce19d91c4544) | Malpedia | SunSeed (54c03b3c-6f97-46ea-a93f-f07bfd5cdd36) | Tool | 3 |