TA505: A Brief History Of Their Time
ID: 5770d3aa-770c-5b02-b73c-0e4002e568b9
STIX ID: report--5770d3aa-770c-5b02-b73c-0e4002e568b9
Feed Name: Fox-IT blog
Fox-IT analyses TA505 operations (2019–2020), describing how targeted HTML/XLS malspam deploys the Get2/GetandGo loader, which fetches the SDBbot RAT, enabling lateral movement and the eventual deployment of Clop ransomware. The report covers custom packing/obfuscation techniques, campaign timelines, working hours, 'dransom' durations, and the group's public data-leak site used for extortion.
