SYMBOLCOMMON_NAMEaka. SYNONYMS

APT-C-35  (Back to overview)

aka: DoNot Team, Donot Team, APT-C-35

In March 2017, the 360 Chasing Team found a sample of targeted attacks that confirmed the previously unknown sample of APT's attack actions, which the organization can now trace back at least in April 2016. The chasing team named the attack organization APT-C-35. In June 2017, the 360 Threat Intelligence Center discovered the organization’s new attack activity, confirmed and exposed the gang’s targeted attacks against Pakistan, and analyzed in detail. The unique EHDevel malicious code framework used by the organization

Associated Families
apk.unidentified_005 win.yty
References
2020-10-30360 Core Security360
@online{360:20201030:aptc35:0c53f1a, author = {360}, title = {{肚脑虫组织( APT-C-35)疑似针对巴基斯坦军事人员的最新攻击活动}}, date = {2020-10-30}, organization = {360 Core Security}, url = {https://blogs.360.cn/post/APT-C-35_target_at_armed_forces_in_Pakistan.html}, language = {Chinese}, urldate = {2020-11-02} } 肚脑虫组织( APT-C-35)疑似针对巴基斯坦军事人员的最新攻击活动
Unidentified APK 005
2020-10-29Cisco TalosWarren Mercer, Paul Rascagnères, Vitor Ventura
@online{mercer:20201029:donots:850f31b, author = {Warren Mercer and Paul Rascagnères and Vitor Ventura}, title = {{DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread}}, date = {2020-10-29}, organization = {Cisco Talos}, url = {https://blog.talosintelligence.com/2020/10/donot-firestarter.html}, language = {English}, urldate = {2020-10-29} } DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
Unidentified APK 005
2020-09-30RiskIQJon Gross
@online{gross:20200930:diving:8e26441, author = {Jon Gross}, title = {{Diving Into DONOT's Mobile Rabbit Hole}}, date = {2020-09-30}, organization = {RiskIQ}, url = {https://community.riskiq.com/article/6f60db72}, language = {English}, urldate = {2020-10-04} } Diving Into DONOT's Mobile Rabbit Hole
Unidentified APK 005
2020-06-01Twitter (@voodoodahl1)Matt Dahl
@online{dahl:20200601:malware:aa6f2ab, author = {Matt Dahl}, title = {{Tweet on malware called knspy used by Donot}}, date = {2020-06-01}, organization = {Twitter (@voodoodahl1)}, url = {https://twitter.com/voodoodahl1/status/1267571622732578816}, language = {English}, urldate = {2020-06-04} } Tweet on malware called knspy used by Donot
Unidentified APK 005
2020-04-08TencentTencent
@online{tencent:20200408:donot:58c3513, author = {Tencent}, title = {{Donot team organization (APT-C-35) mobile terminal attack activity analysis}}, date = {2020-04-08}, organization = {Tencent}, url = {https://s.tencent.com/research/report/951.html}, language = {Chinese}, urldate = {2020-05-05} } Donot team organization (APT-C-35) mobile terminal attack activity analysis
Unidentified APK 005
2020SecureworksSecureWorks
@online{secureworks:2020:zinc:13667ec, author = {SecureWorks}, title = {{ZINC EMERSON}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/zinc-emerson}, language = {English}, urldate = {2020-05-23} } ZINC EMERSON
yty Dropping Elephant
2019-11-15Positive TechnologiesPositive Technologies
@online{technologies:20191115:studying:b64a9fd, author = {Positive Technologies}, title = {{Studying Donot Team}}, date = {2019-11-15}, organization = {Positive Technologies}, url = {http://blog.ptsecurity.com/2019/11/studying-donot-team.html}, language = {English}, urldate = {2020-01-05} } Studying Donot Team
yty
2019-08-02NSHCThreatRecon Team
@online{team:20190802:sectore02:c2237b1, author = {ThreatRecon Team}, title = {{SectorE02 Updates YTY Framework in New Targeted Campaign Against Pakistan Government}}, date = {2019-08-02}, organization = {NSHC}, url = {https://threatrecon.nshc.net/2019/08/02/sectore02-updates-yty-framework-in-new-targeted-campaign-against-pakistan-government/}, language = {English}, urldate = {2020-01-08} } SectorE02 Updates YTY Framework in New Targeted Campaign Against Pakistan Government
yty
2018-12-12360 Threat IntelligenceQi Anxin Threat Intelligence Center
@online{center:20181212:donot:32e8fb0, author = {Qi Anxin Threat Intelligence Center}, title = {{Donot (APT-C-35) Group Is Targeting Pakistani Businessman Working In China}}, date = {2018-12-12}, organization = {360 Threat Intelligence}, url = {https://ti.360.net/blog/articles/donot-group-is-targeting-pakistani-businessman-working-in-china-en/}, language = {English}, urldate = {2020-01-13} } Donot (APT-C-35) Group Is Targeting Pakistani Businessman Working In China
APT-C-35
2018-07-26奇安信威胁情报中心 | 事件追踪
@online{:20180726:analysis:66722b6, author = {奇安信威胁情报中心 | 事件追踪}, title = {{Analysis of the latest attack activities of APT-C-35}}, date = {2018-07-26}, url = {https://ti.360.net/blog/articles/latest-activity-of-apt-c-35/}, language = {Chinese}, urldate = {2020-01-08} } Analysis of the latest attack activities of APT-C-35
yty APT-C-35
2018-03-08NetScoutASERT Team
@online{team:20180308:donot:6f0c645, author = {ASERT Team}, title = {{Donot Team Leverages New Modular Malware Framework in South Asia}}, date = {2018-03-08}, organization = {NetScout}, url = {https://www.arbornetworks.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia/}, language = {English}, urldate = {2020-01-09} } Donot Team Leverages New Modular Malware Framework in South Asia
yty
2018-03-08NetScoutDennis Schwarz, Jill Sopko, Richard Hummel, Hardik Modi
@online{schwarz:20180308:donot:39171ec, author = {Dennis Schwarz and Jill Sopko and Richard Hummel and Hardik Modi}, title = {{Donot Team Leverages New Modular Malware Framework in South Asia}}, date = {2018-03-08}, organization = {NetScout}, url = {https://www.netscout.com/blog/asert/donot-team-leverages-new-modular-malware-framework-south-asia}, language = {English}, urldate = {2019-10-16} } Donot Team Leverages New Modular Malware Framework in South Asia
APT-C-35
Credits: MISP Project