SYMBOLCOMMON_NAMEaka. SYNONYMS

VICEROY TIGER  (Back to overview)

aka: APT-C-35, Donot Team, OPERATION HANGOVER, Orange Kala, SectorE02

VICEROY TIGER is an adversary with a nexus to India that has historically targeted entities throughout multiple sectors. Older activity targeted multiple sectors and countries; however, since 2015 this adversary appears to focus on entities in Pakistan with a particular focus on government and security organizations. This adversary consistently leverages spear phishing emails containing malicious Microsoft Office documents, malware designed to target the Android mobile platform, and phishing activity designed to harvest user credentials. In March 2017, the 360 Chasing Team found a sample of targeted attacks that confirmed the previously unknown sample of APT's attack actions, which the organization can now trace back at least in April 2016. The chasing team named the attack organization APT-C-35. In June 2017, the 360 Threat Intelligence Center discovered the organization’s new attack activity, confirmed and exposed the gang’s targeted attacks against Pakistan, and analyzed in detail. The unique EHDevel malicious code framework used by the organization.


Associated Families
win.unidentified_102 apk.knspy apk.unidentified_005 win.backconfig win.donot win.yty

References
2023-02-23K7 SecurityVigneshwaran P
The DoNot APT
DONOT
2022-08-11MorphisecArnold Osipov, Hido Cohen
APT-C-35 GETS A NEW UPGRADE
DONOT
2022-07-18Palo Alto Networks Unit 42Unit 42
Thirsty Gemini
BackConfig QUILTED TIGER
2022-04-28PWCPWC UK
Cyber Threats 2021: A Year in Retrospect
BPFDoor APT15 APT31 APT41 APT9 BlackTech BRONZE EDGEWOOD DAGGER PANDA Earth Lusca HAFNIUM HAZY TIGER Inception Framework LOTUS PANDA QUILTED TIGER RedAlpha Red Dev 17 Red Menshen Red Nue VICEROY TIGER
2022-01-18ESET ResearchFacundo Muñoz, Matías Porolli
DoNot Go! Do not respawn!
yty
2021-10-07Amnesty InternationalAmnesty International
Hackers-for-Hire in West Africa - Activist in Togo attacked with Indian-made Spyware
yty
2021-07-22cybleCyble
DoNot APT Group Delivers A Spyware Variant Of Chat App
VICEROY TIGER
2021-04-21Cybleinccybleinc
Donot Team APT Group Is Back To Using Old Malicious Patterns
KnSpy
2020-10-30360 Core Security360
肚脑虫组织( APT-C-35)疑似针对巴基斯坦军事人员的最新攻击活动
KnSpy
2020-10-29Cisco TalosPaul Rascagnères, Vitor Ventura, Warren Mercer
DoNot’s Firestarter abuses Google Firebase Cloud Messaging to spread
KnSpy
2020-09-30RiskIQJon Gross
Diving Into DONOT's Mobile Rabbit Hole
KnSpy
2020-06-03Palo Alto Networks Unit 42Alex Hinchliffe, Doel Santos
Threat Assessment: Hangover Threat Group
BackConfig VICEROY TIGER
2020-06-01Twitter (@voodoodahl1)Matt Dahl
Tweet on malware called knspy used by Donot
KnSpy
2020-05-11Palo Alto Networks Unit 42Alex Hinchliffe, Robert Falcone
Updated BackConfig Malware Targeting Government and Military Organizations in South Asia
VICEROY TIGER
2020-04-08TencentTencent
Donot team organization (APT-C-35) mobile terminal attack activity analysis
KnSpy
2020-03-04CrowdStrikeCrowdStrike
2020 CrowdStrike Global Threat Report
MESSAGETAP More_eggs 8.t Dropper Anchor BabyShark BadNews Clop Cobalt Strike CobInt Cobra Carbon System Cutwail DanaBot Dharma DoppelDridex DoppelPaymer Dridex Emotet FlawedAmmyy FriedEx Gandcrab Get2 IcedID ISFB KerrDown LightNeuron LockerGoga Maze MECHANICAL Necurs Nokki Outlook Backdoor Phobos Predator The Thief QakBot REvil RobinHood Ryuk SDBbot Skipper SmokeLoader TerraRecon TerraStealer TerraTV TinyLoader TrickBot Vidar Winnti ANTHROPOID SPIDER APT23 APT31 APT39 APT40 BlackTech BuhTrap Charming Kitten CLOCKWORK SPIDER DOPPEL SPIDER FIN7 Gamaredon Group GOBLIN PANDA MONTY SPIDER MUSTANG PANDA NARWHAL SPIDER NOCTURNAL SPIDER PINCHY SPIDER SALTY SPIDER SCULLY SPIDER SMOKY SPIDER Thrip VENOM SPIDER VICEROY TIGER
2020-01-01SecureworksSecureWorks
ZINC EMERSON
yty QUILTED TIGER
2019-11-15Positive TechnologiesPositive Technologies
Studying Donot Team
yty
2019-08-02NSHCThreatRecon Team
SectorE02 Updates YTY Framework in New Targeted Campaign Against Pakistan Government
yty
2019-01-01CrowdStrikeCrowdStrike
Viceroy Tiger
VICEROY TIGER
2018-12-12360 Threat IntelligenceQi Anxin Threat Intelligence Center
Donot (APT-C-35) Group Is Targeting Pakistani Businessman Working In China
VICEROY TIGER
2018-07-26奇安信威胁情报中心 | 事件追踪
Analysis of the latest attack activities of APT-C-35
yty VICEROY TIGER
2018-03-08NetScoutASERT Team
Donot Team Leverages New Modular Malware Framework in South Asia
yty
2018-03-08NetScoutDennis Schwarz, Hardik Modi, Jill Sopko, Richard Hummel
Donot Team Leverages New Modular Malware Framework in South Asia
VICEROY TIGER
2013-11-06CrowdStrikeAdam Meyers
VICEROY TIGER Delivers New Zero-Day Exploit
VICEROY TIGER
2013-11-05F-SecureSnorre Fagerland
Operation Hangover: Unveiling an Indian Cyberattack Infrastructure
VICEROY TIGER

Credits: MISP Project