ID | Votes | Profile Description |
---|---|---|
REDBALDKNIGHT | 2 | REDBALDKNIGHT, also known as BRONZE BUTLER or Tick, is an Advanced Persistent Threat (APT) group that has been active since at least 2006. The group primarily targets countries in the Asia Pacific region, with a significant focus on Japanese organizations from as early as 2008. They are known for th |
Tick | 2 | Tick is a threat actor, also known as BRONZE BUTLER, that likely originates from the People's Republic of China. Secureworks® incident responders and Counter Threat Unit™ (CTU) researchers have been investigating activities associated with this group. Tick has deployed various tools and malware fami |
BRONZE HUNTLEY | 1 | BRONZE HUNTLEY is a threat group tracked by Secureworks. The group has been identified as using the ShadowPad DLL loader (secur32.dll), a loader that injects malicious code into legitimate processes, thus evading detection and |
ID | Type | Votes | Profile Description |
---|---|---|---|
Daserf | Unspecified | 1 | Daserf is a backdoor custom-developed for use in Tick's cyberespionage campaigns. It compromises and damages computer systems by stealing personal information, disrupting operations, and relaying stolen data back to attacker-controlled servers. The Daserf Trojan employs n |
Datper | Unspecified | 1 | Datper is a Delphi-coded Remote Access Trojan (RAT) likely created by the threat actor group known as BRONZE BUTLER to replace an earlier malware variant, Daserf. This malware, along with Daserf and xxmm, communicates with Command and Control (C2) servers via HTTP, encrypting commands and data using |
Xxmm | Unspecified | 1 | xxmm is a malicious software (malware) that has been observed to be used in tandem with other malware types, including Daserf and Datper, by the threat group BRONZE BUTLER. These malware communicate with their command and control (C2) servers via HTTP, encrypting commands and data using specific alg |
ShadowPad | Unspecified | 1 | ShadowPad is a modular backdoor malware that has been utilized by several Chinese threat groups since at least 2017. Notably, it was used as the payload in supply chain attacks targeting South Asian governments, as reported in the VB2023 paper. ShadowPad provides near-administrative capabilities in |
ID | Type | Votes | Profile Description |
---|---|---|---|
No associations to display | | | |
ID | Type | Votes | Profile Description |
---|---|---|---|
CVE-2016-7836 | Unspecified | 1 | None |
Source | CreatedAt | Title |
---|---|---|
CERT-EU | 10 months ago | My Tea's not cold : an overview of China's cyber threat – Global Security Mag Online |
MITRE | a year ago | BRONZE BUTLER Hacker Group Targets Japanese Enterprises |
MITRE | a year ago | REDBALDKNIGHT’s Daserf Backdoor Now Uses Steganography |
MITRE | a year ago | Exchange servers under siege from at least 10 APT groups | WeLiveSecurity |
Secureworks | a year ago | ShadowPad Malware Analysis |
CERT-EU | a year ago | The slow Tick-ing time bomb: Tick APT group compromise of a DLP software developer in East Asia | WeLiveSecurity |
CERT-EU | a year ago | ESET: cyber espionage group Tick compromises data protection specialist |
CERT-EU | a year ago | ESET: the Tick cyber espionage group hits a data-loss prevention software company in East Asia | Il corriere della sicurezza |