Storm-0249
MISP
Type:
Unknown
Country:
Unknown
First activity:
Unknown
Details:
Storm-0249 is an access broker active since 2021, known for distributing BazaLoader, IcedID, Bumblebee, and Emotet malware. The actor primarily employs phishing emails to deliver malware payloads, as evidenced by a campaign involving tax-themed emails that aimed to distribute BRc4 and Latrodectus malware. Storm-0249 has facilitated initial access for other threat actors, such as Storm-0501, by leveraging compromised credentials and exploiting known vulnerabilities in public-facing servers. Microsoft has detected malicious PDF attachments associated with Storm-0249's phishing campaigns.
Alias (107)
DEV-0249
Metadata
| ID: | 823 |
| Created: | 13/01/2026 17:48 |
| Updated: | 08/03/2026 04:00 |