This is a collection of rules based on the presence of indicators of compromise publicly reported as associated with this malicious actor.

TA505 is a financially motivated threat group that has been active since at least 2014. This threat group frequently changes the malware families they use. Whenever this group changes their techniques or tools, other groups and threat actors follow suit, which makes this group a global trendsetter in criminal malware distribution.

Other names for this group include: GOLD TAHOE GRACEFUL SPIDER Hive0065 SectorJ04 SectorJ04 Group