G1020 · 12 ATT&CK techniques · 0 correlated reports

Mustard Tempest

Aliases: DEV-0206, TA569, GOLD PRELUDE, UNC1543

Mustard Tempest is an initial access broker that has operated the SocGholish distribution network since at least 2017. Mustard Tempest has partnered with Indrik Spider to provide access for the download of additional malware including LockBit, WastedLocker, and remote access tools.

Open interactive actor investigation

ATT&CK techniques

T1583.008
Malvertising T1608.001
Upload Malware T1036.005
Match Legitimate Name or Location T1566.002
Spearphishing Link T1584.001
Domains T1608.006
SEO Poisoning T1608.004
Drive-by Target T1189
Drive-by Compromise T1204.001
Malicious Link T1082
System Information Discovery T1583.004
Server T1105
Ingress Tool Transfer

Correlated CTI and IR reports

Continue the investigation

Interactive ThreatMapper ThreatMapper documentation CTI Analyst Field Manual Israel Threat Actors CTI Anomaly Detection Atlas ITDR Handbook 1200km Medium research