ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > TA558

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: TA558

NamesTA558 (Proofpoint)
MotivationFinancial crime
First seen2018
Description(Proofpoint) Since 2018, Proofpoint has tracked a financially-motivated cybercrime actor, TA558, targeting hospitality, travel, and related industries located in Latin America and sometimes North America, and western Europe. The actor sends malicious emails written in Portuguese, Spanish, and sometimes English. The emails use reservation-themed lures with business-relevant themes such as hotel room bookings. The emails may contain malicious attachments or URLs aiming to distribute one of at least 15 different malware payloads, typically remote access trojans (RATs), that can enable reconnaissance, data theft, and distribution of follow-on payloads.
ObservedSectors: Hospitality.
Countries: Latin America, Western Europe and North America.
Tools usedAsyncRAT, AZORult, Loda, njRAT, RemcosRAT, Vjw0rm, RevengeRAT, XtremeRAT.

Last change to this card: 12 September 2022

Download this actor card in PDF or JSON format

Previous: TA555
Next: TAG-28

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]