From 93cc634d1c329bd94f1a6d40f360ae31d548e8ba Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Tue, 18 Jun 2024 04:51:29 -0700
Subject: [PATCH] [threat-actors] Add TA571

---
 clusters/threat-actor.json | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index ab3d9ced..b493b241 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -16132,6 +16132,17 @@
       },
       "uuid": "2be04e23-4376-4333-87df-27d635e43a98",
       "value": "Sp1d3r"
+    },
+    {
+      "description": "TA571 is a spam distributor actor known for delivering a variety of malware, including DarkGate, NetSupport RAT, and information stealers. They use phishing emails with macro-enabled attachments to spread malicious PDFs containing rogue OneDrive links. TA571 has been observed using unique filtering techniques with intermediary \"gates\" to target specific users and bypass automated sandboxing. Proofpoint assesses with high confidence that TA571 infections can lead to ransomware.",
+      "meta": {
+        "refs": [
+          "https://www.proofpoint.com/us/blog/threat-insight/security-brief-ta571-delivers-icedid-forked-loader",
+          "https://www.proofpoint.com/us/blog/threat-insight/clipboard-compromise-powershell-self-pwn"
+        ]
+      },
+      "uuid": "0245113e-cef3-4638-9532-3bf235b07d49",
+      "value": "TA571"
     }
   ],
   "version": 310