Threat Actor Profile
High APT
Description

TA578 is a threat actor that has used contact forms and email to initiate communications with victims and to distribute malware including Latrodectus, IcedID, and Bumblebee.(Citation: Latrodectus APR 2024)(Citation: Bitsight Latrodectus June 2024)

Confidence Score
90%
Known Aliases
TA578
Tags
mitre-attack stix-2.1 intrusion-set
First Seen

Unknown

Last Updated

Unknown

Active Status
Active
Created

April 29, 2026

MITRE ATT&CK Techniques (4)
T1059.007 - JavaScript
Execution
T1204.001 - Malicious Link
Execution
T1594 - Search Victim-Owned Websites
Reconnaissance
T1583.006 - Web Services
Resource Development
Indicators of Compromise

Loading IOCs…

IOC KQL for Sentinel
STIX Data 
{'aliases': ['TA578'],
 'created': '2024-09-17T17:55:44.833Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[TA578](https://attack.mitre.org/groups/G1038) is a threat '
                'actor that has used contact forms and email to initiate '
                'communications with victims and to distribute malware '
                'including '
                '[Latrodectus](https://attack.mitre.org/software/S1160), '
                '[IcedID](https://attack.mitre.org/software/S0483), and '
                '[Bumblebee](https://attack.mitre.org/software/S1039).(Citation: '
                'Latrodectus APR 2024)(Citation: Bitsight Latrodectus June '
                '2024)',
 'external_references': [{'external_id': 'G1038',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G1038'},
                         {'description': 'Batista, J. (2024, June 17). '
                                         'Latrodectus, are you coming back?. '
                                         'Retrieved September 13, 2024.',
                          'source_name': 'Bitsight Latrodectus June 2024',
                          'url': 'https://www.bitsight.com/blog/latrodectus-are-you-coming-back'},
                         {'description': 'Proofpoint Threat Research and Team '
                                         'Cymru S2 Threat Research. (2024, '
                                         'April 4). Latrodectus: This Spider '
                                         'Bytes Like Ice . Retrieved May 31, '
                                         '2024.',
                          'source_name': 'Latrodectus APR 2024',
                          'url': 'https://www.proofpoint.com/us/blog/threat-insight/latrodectus-spider-bytes-ice'}],
 'id': 'intrusion-set--a5cfbc79-316c-42f2-915d-6e8fef4085f8',
 'modified': '2024-09-17T17:55:58.333Z',
 'name': 'TA578',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'revoked': False,
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.0'}
Quick Actions
Related TTPs (4)
JavaScript
Execution
Malicious Link
Execution
Search Victim-Owned Websites
Reconnaissance
Web Services
Resource Development
Back to Threat Actors
Dashboard Home