VICEROY TIGER is an adversary with a nexus to India that has historically targeted entities throughout multiple sectors. Older activity targeted multiple sectors and countries; however, since 2015 this adversary appears to focus on entities in Pakistan, with a particular focus on government and security organizations. This adversary consistently leverages spear phishing emails containing malicious Microsoft Office documents, malware designed to target the Android mobile platform, and phishing activity designed to harvest user credentials. In March 2017, the 360 Chasing Team found a sample from a targeted attack that confirmed the activity of a previously unknown APT, which can now be traced back to at least April 2016. The team named the attack organization APT-C-35. In June 2017, the 360 Threat Intelligence Center discovered the organization's new attack activity, confirmed and exposed its targeted attacks against Pakistan, and analyzed in detail the unique EHDevel malicious code framework used by the organization.
2024-10-15
⋅
⋅
Weixin
⋅
Analysis of the attack activities of APT-C-35 (belly brain worm) against a manufacturing company in South Asia Unidentified 117 (Donot Loader) |
2024-05-14
⋅
Check Point Research
⋅
Foxit PDF “Flawed Design” Exploitation Rafel RAT Agent Tesla AsyncRAT DCRat DONOT Nanocore RAT NjRAT Pony Remcos Venom RAT XWorm |
2023-02-23
⋅
K7 Security
⋅
The DoNot APT DONOT |
2022-08-11
⋅
Morphisec
⋅
APT-C-35 GETS A NEW UPGRADE DONOT |
2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Thirsty Gemini BackConfig QUILTED TIGER |
2022-04-28
⋅
PWC
⋅
Cyber Threats 2021: A Year in Retrospect BPFDoor APT15 APT31 APT41 APT9 BlackTech BRONZE EDGEWOOD DAGGER PANDA Earth Lusca HAFNIUM HAZY TIGER Inception Framework LOTUS PANDA QUILTED TIGER RedAlpha Red Dev 17 Red Menshen Red Nue VICEROY TIGER |
2022-01-18
⋅
ESET Research
⋅
DoNot Go! Do not respawn! yty |
2021-10-07
⋅
Amnesty International
⋅
Hackers-for-Hire in West Africa - Activist in Togo attacked with Indian-made Spyware yty |
2021-07-22
⋅
cyble
⋅
DoNot APT Group Delivers A Spyware Variant Of Chat App VICEROY TIGER |
2021-04-21
⋅
Cybleinc
⋅
Donot Team APT Group Is Back To Using Old Malicious Patterns KnSpy |
2020-10-30
⋅
⋅
360 Core Security
⋅
Latest attack activity of the Donot group (APT-C-35) suspected of targeting Pakistani military personnel KnSpy |
2020-10-29
⋅
Cisco Talos
⋅
DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread KnSpy |
2020-09-30
⋅
RiskIQ
⋅
Diving Into DONOT's Mobile Rabbit Hole KnSpy |
2020-06-03
⋅
Palo Alto Networks Unit 42
⋅
Threat Assessment: Hangover Threat Group BackConfig VICEROY TIGER |
2020-06-01
⋅
Twitter (@voodoodahl1)
⋅
Tweet on malware called knspy used by Donot KnSpy |
2020-05-11
⋅
Palo Alto Networks Unit 42
⋅
Updated BackConfig Malware Targeting Government and Military Organizations in South Asia VICEROY TIGER |
2020-04-08
⋅
⋅
Tencent
⋅
Donot team organization (APT-C-35) mobile terminal attack activity analysis KnSpy |
2020-03-04
⋅
CrowdStrike
⋅
2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
2020-01-01
⋅
Secureworks
⋅
ZINC EMERSON yty QUILTED TIGER |
2019-11-15
⋅
Positive Technologies
⋅
Studying Donot Team yty |
2019-08-02
⋅
NSHC
⋅
SectorE02 Updates YTY Framework in New Targeted Campaign Against Pakistan Government yty |
2019-01-01
⋅
CrowdStrike
⋅
Viceroy Tiger VICEROY TIGER |
2018-12-12
⋅
360 Threat Intelligence
⋅
Donot (APT-C-35) Group Is Targeting Pakistani Businessman Working In China VICEROY TIGER |
2018-07-26
⋅
⋅
Analysis of the latest attack activities of APT-C-35 yty VICEROY TIGER |
2018-03-08
⋅
NetScout
⋅
Donot Team Leverages New Modular Malware Framework in South Asia yty |
2018-03-08
⋅
NetScout
⋅
Donot Team Leverages New Modular Malware Framework in South Asia VICEROY TIGER |
2013-11-06
⋅
CrowdStrike
⋅
VICEROY TIGER Delivers New Zero-Day Exploit VICEROY TIGER |
2013-11-05
⋅
F-Secure
⋅
Operation Hangover: Unveiling an Indian Cyberattack Infrastructure VICEROY TIGER |