CastleLoader MaaS Used by Various Threat Actors: The Expansion of GrayBravo
Recent research has revealed the existence of four distinct threat activity groups that are leveraging a malware loader known as CastleLoader. This evidence reinforces previous assessment that the tool is offered to other cybercriminals under a malware-as-a-service (MaaS) model. The threat actor behind CastleLoader has been identified by Recorded Future’s Insikt Group as GrayBravo, previously tracked as TAG-150. GrayBravo’s Profile GrayBravo is a threat actor characterized by: Rapid development cycles. Technical sophistication. Responsiveness to public reports. An expansive and constantly evolving infrastructure. Tools and Frameworks GrayBravo’s toolset includes several key pieces of malware: ...