| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Tick is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group appears to have close ties to the Chinese National University of Defense and Technology, which is possibly linked to the PLA. This threat actor targets organizations in the critical infrastructure, heavy industry, manufacturing, and international relations sectors for espionage purposes. The attacks appear to be centered on political, media, and engineering sectors. STALKER PANDA has been observed conducting targeted attacks against Japan, Taiwan, Hong Kong, and the United States.
| 2021-07-07 ⋅ Talos ⋅ InSideCopy: How this APT continues to evolve its arsenal (Network IOCs) AllaKore Lilith NjRAT |
| 2021-07-07 ⋅ Talos ⋅ InSideCopy: How this APT continues to evolve its arsenal AllaKore Lilith NjRAT |
| 2021-07-07 ⋅ Talos ⋅ InSideCopy: How this APT continues to evolve its arsenal (IOCs) AllaKore Lilith NjRAT |
| 2021-02-28 ⋅ PWC UK ⋅ Cyber Threats 2020: A Year in Retrospect elf.wellmess FlowerPower PowGoop 8.t Dropper Agent.BTZ Agent Tesla Appleseed Ave Maria Bankshot BazarBackdoor BLINDINGCAN Chinoxy Conti Cotx RAT Crimson RAT DUSTMAN Emotet FriedEx FunnyDream Hakbit Mailto Maze METALJACK Nefilim Oblique RAT Pay2Key PlugX QakBot REvil Ryuk StoneDrill StrongPity SUNBURST SUPERNOVA TrickBot TurlaRPC Turla SilentMoon WastedLocker WellMess Winnti ZeroCleare |
| 2021-01-13 ⋅ AlienVault ⋅ A Global Perspective of the SideWinder APT 8.t Dropper Koadic SideWinder |
| 2021-01-04 ⋅ nao_sec blog ⋅ Royal Road! Re:Dive 8.t Dropper Chinoxy FlowCloud FunnyDream Lookback |
| 2020-09-16 ⋅ RiskIQ ⋅ RiskIQ: Adventures in Cookie Land - Part 2 8.t Dropper Chinoxy Poison Ivy |
| 2020-08-19 ⋅ RiskIQ ⋅ RiskIQ Adventures in Cookie Land - Part 1 8.t Dropper Chinoxy |
| 2020-06-03 ⋅ Kaspersky Labs ⋅ Cycldek: Bridging the (air) gap 8.t Dropper NewCore RAT PlugX USBCulprit Hellsing |
| 2020-03-21 ⋅ MalwareLab.pl ⋅ On the Royal Road 8.t Dropper |
| 2020-03-20 ⋅ Medium Sebdraven ⋅ New version of chinoxy backdoor using COVID19 alerts document lure 8.t Dropper Chinoxy |
| 2020-03-12 ⋅ Check Point ⋅ Vicious Panda: The COVID Campaign 8.t Dropper BYEBY Enfal Korlia Poison Ivy |
| 2020-03-11 ⋅ Virus Bulletin ⋅ Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers 8.t Dropper |
| 2020-03-04 ⋅ CrowdStrike ⋅ 2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot vidar Winnti ANTHROPOID SPIDER APT31 APT39 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group Leviathan MONTY SPIDER Mustang Panda NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER Pirate Panda SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER |
| 2020-01-29 ⋅ nao_sec blog ⋅ An Overhead View of the Royal Road BLACKCOFFEE Cotx RAT Datper DDKONG Derusbi Icefog Korlia NewCore RAT PLAINTEE Poison Ivy Sisfader |
| 2020-01-28 ⋅ Macnica Networks ⋅ Tick Group Aiming at Japanese Manufacturing Datper xxmm |
| 2020-01-17 ⋅ JPCERT/CC ⋅ Looking back on the incidents in 2019 TSCookie NodeRAT Emotet PoshC2 Quasar RAT |
| 2020 ⋅ Secureworks ⋅ BRONZE BUTLER Daserf xxmm Tick |
| 2019-11-29 ⋅ Trend Micro ⋅ Operation ENDTRADE:TICK: 2019s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data BROLER |
| 2019-11-29 ⋅ Trend Micro ⋅ Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK Datper Lilith |
| 2019-11-11 ⋅ Virus Bulletin ⋅ APT cases exploiting vulnerabilities in region‑specific software NodeRAT Emdivi PlugX |
| 2019-10-01 ⋅ Macnica Networks ⋅ Trends in Cyber Espionage Targeting Japan 1st Half of 2019 PLEAD TSCookie Datper PLEAD |
| 2019-09-22 ⋅ Check Point Research ⋅ Rancor: The Year of The Phish 8.t Dropper Cobalt Strike |
| 2019-09-19 ⋅ GitHub (werkamsus) ⋅ Lilith Lilith |
| 2019-07-23 ⋅ Proofpoint ⋅ Chinese APT “Operation LagTime IT” Targets Government Information Technology Agencies in Eastern Asia 8.t Dropper Cotx RAT Poison Ivy TA428 |
| 2019-04-01 ⋅ Macnica Networks ⋅ Trends in Cyber Espionage Targeting Japan 2nd Half of 2018 Anel Cobalt Strike Datper PLEAD Quasar RAT RedLeaves taidoor Zebrocy |
| 2019-02-19 ⋅ JPCERT/CC ⋅ 攻撃グループTickによる日本の組織をターゲットにした攻撃活動 NodeRAT |
| 2019-01-18 ⋅ Dell Secureworks ⋅ Understanding Command and Control - An Anatomy of xxmm Communication xxmm |
| 2019-01-03 ⋅ Another malicious document with CVE-2017–11882 8.t Dropper |
| 2019 ⋅ Council on Foreign Relations ⋅ Bronze Butler Tick |
| 2019 ⋅ MITRE ⋅ Group description: BRONZE BUTLER Tick |
| 2018-11-03 ⋅ Là 1937CN hay OceanLotus hay Lazarus … 8.t Dropper |
| 2018-10-01 ⋅ Macnica Networks ⋅ Trends in cyber espionage (targeted attacks) targeting Japan | First half of 2018 Anel Cobalt Strike Datper FlawedAmmyy Quasar RAT RedLeaves taidoor Winnti xxmm |
| 2018-07-31 ⋅ Medium Sebdraven ⋅ Malicious document targets Vietnamese officials 8.t Dropper |
| 2017-11-07 ⋅ Trend Micro ⋅ REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography Tick |
| 2017-11-07 ⋅ Trend Micro ⋅ REDBALDKNIGHT/BRONZE BUTLER’s Daserf Backdoor Now Using Steganography Daserf Datper xxmm |
| 2017-10-12 ⋅ Secureworks ⋅ BRONZE BUTLER Targets Japanese Enterprises Daserf Datper rarstar xxmm Tick |
| 2017-08-21 ⋅ JPCERT/CC ⋅ Detecting Datper Malware from Proxy Logs Datper Tick |
| 2017-07-25 ⋅ Palo Alto Networks Unit 42 ⋅ “Tick” Group Continues Attacks Daserf Tick |
| 2017-06-28 ⋅ Secureworks ⋅ 日本企業を狙う高度なサイバー攻撃の全貌 – BRONZE BUTLER Tick |
| 2017-04-25 ⋅ Cybereason ⋅ ShadowWali: New variant of the xxmm family of backdoors xxmm |
| 2016-04-28 ⋅ Symantec ⋅ Tick cyberespionage group zeros in on Japan Tick |
| 2015-08-14 ⋅ Raytheon Blackbird Technologies ⋅ Stalker Panda Tick |