VICEROY TIGER is an adversary with a nexus to India that has historically targeted entities throughout multiple sectors. Older activity targeted multiple sectors and countries; however, since 2015 this adversary appears to focus on entities in Pakistan, with a particular focus on government and security organizations. This adversary consistently leverages spear phishing emails containing malicious Microsoft Office documents, malware designed to target the Android mobile platform, and phishing activity designed to harvest user credentials. In March 2017, the 360 Chasing Team found a sample from targeted attacks that confirmed the activity of a previously unknown APT, which can now be traced back to at least April 2016. The chasing team named the attack organization APT-C-35. In June 2017, the 360 Threat Intelligence Center discovered new attack activity by the organization, confirmed and exposed the group's targeted attacks against Pakistan, and analyzed in detail the unique EHDevel malicious code framework used by the organization.
2023-02-23 ⋅ K7 Security ⋅ The DoNot APT Unidentified 102 (Donot) |
2022-08-11 ⋅ Morphisec ⋅ APT-C-35 GETS A NEW UPGRADE Unidentified 102 (Donot) |
2022-07-18 ⋅ Palo Alto Networks Unit 42 ⋅ Thirsty Gemini BackConfig QUILTED TIGER |
2022-04-28 ⋅ PWC ⋅ Cyber Threats 2021: A Year in Retrospect APT15 APT31 APT41 APT9 BlackTech BRONZE EDGEWOOD DAGGER PANDA Earth Lusca HAFNIUM HAZY TIGER Inception Framework LOTUS PANDA QUILTED TIGER RedAlpha Red Dev 17 Red Menshen Red Nue VICEROY TIGER |
2022-01-18 ⋅ ESET Research ⋅ DoNot Go! Do not respawn! yty |
2021-10-07 ⋅ Amnesty International ⋅ Hackers-for-Hire in West Africa - Activist in Togo attacked with Indian-made Spyware yty |
2021-07-22 ⋅ cyble ⋅ DoNot APT Group Delivers A Spyware Variant Of Chat App VICEROY TIGER |
2021-04-21 ⋅ Cybleinc ⋅ Donot Team APT Group Is Back To Using Old Malicious Patterns Unidentified APK 005 |
2020-10-30 ⋅ 360 Core Security ⋅ Donot Team (APT-C-35): latest attack activity suspected of targeting Pakistani military personnel Unidentified APK 005 |
2020-10-29 ⋅ Cisco Talos ⋅ DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread Unidentified APK 005 |
2020-09-30 ⋅ RiskIQ ⋅ Diving Into DONOT's Mobile Rabbit Hole Unidentified APK 005 |
2020-06-03 ⋅ Palo Alto Networks Unit 42 ⋅ Threat Assessment: Hangover Threat Group BackConfig VICEROY TIGER |
2020-06-01 ⋅ Twitter (@voodoodahl1) ⋅ Tweet on malware called knspy used by Donot Unidentified APK 005 |
2020-05-11 ⋅ Palo Alto Networks Unit 42 ⋅ Updated BackConfig Malware Targeting Government and Military Organizations in South Asia VICEROY TIGER |
2020-04-08 ⋅ Tencent ⋅ Donot team organization (APT-C-35) mobile terminal attack activity analysis Unidentified APK 005 |
2020-03-04 ⋅ CrowdStrike ⋅ 2020 CrowdStrike Global Threat Report MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER |
2020 ⋅ Secureworks ⋅ ZINC EMERSON yty QUILTED TIGER |
2019-11-15 ⋅ Positive Technologies ⋅ Studying Donot Team yty |
2019-08-02 ⋅ NSHC ⋅ SectorE02 Updates YTY Framework in New Targeted Campaign Against Pakistan Government yty |
2019 ⋅ CrowdStrike ⋅ Viceroy Tiger VICEROY TIGER |
2018-12-12 ⋅ 360 Threat Intelligence ⋅ Donot (APT-C-35) Group Is Targeting Pakistani Businessman Working In China VICEROY TIGER |
2018-07-26 ⋅ Analysis of the latest attack activities of APT-C-35 yty VICEROY TIGER |
2018-03-08 ⋅ NetScout ⋅ Donot Team Leverages New Modular Malware Framework in South Asia VICEROY TIGER |
2018-03-08 ⋅ NetScout ⋅ Donot Team Leverages New Modular Malware Framework in South Asia yty |
2013-11-06 ⋅ CrowdStrike ⋅ VICEROY TIGER Delivers New Zero-Day Exploit VICEROY TIGER |