This threat actor targets organizations in the critical infrastructure, heavy industry, manufacturing, and international relations sectors for espionage purposes.
2021-01-13 ⋅ AlienVault ⋅ A Global Perspective of the SideWinder APT 8.t Dropper Koadic SideWinder |
2021-01-04 ⋅ nao_sec blog ⋅ Royal Road! Re:Dive 8.t Dropper Chinoxy FlowCloud FunnyDream Lookback |
2020-09-16 ⋅ RiskIQ ⋅ RiskIQ: Adventures in Cookie Land - Part 2 8.t Dropper Chinoxy Poison Ivy |
2020-08-19 ⋅ RiskIQ ⋅ RiskIQ Adventures in Cookie Land - Part 1 8.t Dropper Chinoxy |
2020-06-03 ⋅ Kaspersky Labs ⋅ Cycldek: Bridging the (air) gap 8.t Dropper NewCore RAT PlugX USBCulprit Hellsing |
2020-03-21 ⋅ MalwareLab.pl ⋅ On the Royal Road 8.t Dropper |
2020-03-20 ⋅ Medium Sebdraven ⋅ New version of chinoxy backdoor using COVID19 alerts document lure 8.t Dropper Chinoxy |
2020-03-12 ⋅ Check Point ⋅ Vicious Panda: The COVID Campaign 8.t Dropper BYEBY Enfal Korlia Poison Ivy |
2020-03-11 ⋅ Virus Bulletin ⋅ Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers 8.t Dropper |
2020-03-04 ⋅ CrowdStrike ⋅ 2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Ransomware Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER Anunak APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER Pinchy Spider Pirate Panda Salty Spider SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER |
2020-01-29 ⋅ nao_sec blog ⋅ An Overhead View of the Royal Road BLACKCOFFEE Cotx RAT Datper DDKONG Derusbi Icefog Korlia NewCore RAT PLAINTEE Poison Ivy Sisfader |
2020-01-28 ⋅ Macnica Networks ⋅ Tick Group Aiming at Japanese Manufacturing Datper xxmm |
2020-01-17 ⋅ JPCERT/CC ⋅ Looking back on the incidents in 2019 TSCookie NodeRAT Emotet PoshC2 Quasar RAT |
2020 ⋅ Secureworks ⋅ BRONZE BUTLER Daserf xxmm Tick |
2019-11-29 ⋅ Trend Micro ⋅ Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data BROLER |
2019-11-29 ⋅ Trend Micro ⋅ Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK Datper Lilith |
2019-11-11 ⋅ Virus Bulletin ⋅ APT cases exploiting vulnerabilities in region‑specific software NodeRAT Emdivi PlugX |
2019-09-22 ⋅ Check Point Research ⋅ Rancor: The Year of The Phish 8.t Dropper Cobalt Strike |
2019-09-19 ⋅ Github (werkasmus) ⋅ Lilith Lilith |
2019-07-23 ⋅ Proofpoint ⋅ Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia 8.t Dropper Cotx RAT TA428 |
2019-02-19 ⋅ JPCERT/CC ⋅ Attack activities by the Tick attack group targeting Japanese organizations NodeRAT |
2019-01-18 ⋅ Dell Secureworks ⋅ Understanding Command and Control - An Anatomy of xxmm Communication xxmm |
2019-01-03 ⋅ Another malicious document with CVE-2017–11882 8.t Dropper |
2019 ⋅ Council on Foreign Relations ⋅ Bronze Butler Tick |
2019 ⋅ MITRE ⋅ Group description: BRONZE BUTLER Tick |
2018-11-03 ⋅ Is it 1937CN or OceanLotus or Lazarus … 8.t Dropper |
2018-07-31 ⋅ Medium Sebdraven ⋅ Malicious document targets Vietnamese officials 8.t Dropper |
2017-11-07 ⋅ Trend Micro ⋅ REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography Tick |
2017-11-07 ⋅ Trend Micro ⋅ REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography Daserf Datper xxmm |
2017-10-12 ⋅ Secureworks ⋅ BRONZE BUTLER Targets Japanese Enterprises Daserf Datper rarstar xxmm Tick |
2017-08-21 ⋅ JPCERT/CC ⋅ Detecting Datper Malware from Proxy Logs Datper Tick |
2017-07-25 ⋅ Palo Alto Networks Unit 42 ⋅ “Tick” Group Continues Attacks Daserf Tick |
2017-06-28 ⋅ Secureworks ⋅ The full picture of advanced cyber attacks targeting Japanese companies – BRONZE BUTLER Tick |
2017-04-25 ⋅ Cybereason ⋅ ShadowWali: New variant of the xxmm family of backdoors xxmm |
2016-04-28 ⋅ Symantec ⋅ Tick cyberespionage group zeros in on Japan Tick |