ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > TA2541

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: TA2541

NamesTA2541 (Proofpoint)
MotivationInformation theft and espionage
First seen2017
Description(Proofpoint) TA2541 is a persistent cybercriminal actor that distributes various remote access trojans (RATs) targeting the aviation, aerospace, transportation, and defense industries, among others. Proofpoint has tracked this threat actor since 2017, and it has used consistent tactics, techniques, and procedures (TTPs) in that time. Entities in the targeted sectors should be aware of the actor's TTPs and use the information provided for hunting and detection.
ObservedSectors: Aviation, Aerospace, Defense, Transportation.
Tools usedAgent Tesla, AsyncRAT, Ave Maria, DarkRAT, H-Worm, Imminent Monitor RAT, Luminosity RAT, NetWire RC, Parallax RAT, RevengeRAT.

Last change to this card: 03 April 2022

Download this actor card in PDF or JSON format

Previous: TA2101, Maze Team
Next: TA2552

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]