HIVE-0145

MISP

Type:
Unknown

Country:
Unknown

First seen:
Unknown

Details:

Hive0145 is a financially motivated initial access broker that has been active since late 2022, primarily utilizing Strela Stealer malware to target email credentials. The group has evolved its tactics from generic phishing emails to using stolen legitimate emails with real invoice attachments, focusing on victims in Spain, Germany, and Ukraine. Strela Stealer is configured to extract data from Microsoft Outlook and Mozilla Thunderbird, and the group's operations have shown increased complexity and automation. Threat intelligence indicates that Hive0145's campaigns are characterized by credential theft and espionage-driven activities.

References (1)

ibm.com - Strela Stealer Todays Invoice Tomorrows Phish

Aliases (106)

Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145 Hive0145

Metadata

ID:	838
Created:	13/01/2026 17:48
Updated:	07/03/2026 16:00