TA2541
Aliases: None listed
TA2541 is a cybercriminal group that has been targeting the aviation, aerospace, transportation, manufacturing, and defense industries since at least 2017. TA2541 campaigns are typically high volume and involve the use of commodity remote access tools obfuscated by crypters and themes related to aviation, transportation, and travel.
ATT&CK techniques
T1608.001 Upload Malware
T1547.001 Registry Run Keys / Startup Folder
T1573.002 Asymmetric Cryptography
T1562.001 Disable or Modify Tools
T1105 Ingress Tool Transfer
T1568 Dynamic Resolution
T1036.005 Match Legitimate Name or Location
T1518.001 Security Software Discovery
T1053.005 Scheduled Task
T1027.002 Software Packing
T1082 System Information Discovery
T1588.001 Malware
T1218.005 Mshta
T1588.002 Tool
T1204.001 Malicious Link
T1583.001 Domains
T1055 Process Injection
T1059.001 PowerShell
T1027.013 Encrypted/Encoded File
T1016.001 Internet Connection Discovery
T1055.012 Process Hollowing
T1047 Windows Management Instrumentation
T1204.002 Malicious File
T1059.005 Visual Basic
T1566.002 Spearphishing Link
T1566.001 Spearphishing Attachment
T1583.006 Web Services