🇨🇳
Roaming Tiger
APT Group
Information theft and espionage
12 zero-day CVEs
ETDA ✓
Also Known As 2 names
BRONZE WOODLAND
Rotten Tomato
Target Countries 6
Countries highlighted in red
Belarus
Kyrgyzstan
Kazakhstan
Tajikistan
Ukraine
Uzbekistan
Sectors Targeted
No targeted sector recordedDetails
Origin
🇨🇳 CN
Last Updated
01 Jun 2022
MITRE ATT&CK 141
T1001
T1001.001
T1003
T1003.001
T1003.002
T1003.003
T1005 - Data from Local System
T1006
T1014
T1016
T1016.002
T1021
T1021.001
T1021.002
T1025
T1027 - Obfuscated Files or Information
T1027.013
T1030
T1036
T1036.005
T1037
T1037.001
T1039
T1040
T1048
T1048.002
T1053.005 - Scheduled Task
T1055 - Process Injection
T1056
T1056.001
T1057
T1059
T1059.001 - PowerShell
T1059.003
T1068
T1070
T1070.001
T1070.004
T1070.006
T1071
T1071.001 - Web Protocols
T1071.003
T1074
T1074.001
T1074.002
T1078 - Valid Accounts
T1078.004
T1083
T1090 - Proxy
T1090.001
T1090.002
T1090.003
T1091
T1092
T1098 - Account Manipulation
T1098.002
T1102
T1102.002
T1105 - Ingress Tool Transfer
T1110
T1110.001
T1110.003
T1113
T1114
T1114.002
T1114.003 - Email Forwarding Rule
T1119
T1120
T1129
T1133 - External Remote Services
T1134
T1134.001
T1137
T1137.002
T1140 - Deobfuscate/Decode Files or Information
T1189
T1190
T1193
T1199
T1203
T1204
T1204.001 - Malicious Link
T1204.002
T1210
T1211
T1212 - Exploitation for Credential Access
T1213
T1213.002
T1218
T1218.011
T1221
T1498
T1505
T1505.003
T1528
T1542
T1542.003
T1546
T1546.015
T1547 - Boot or Logon Autostart Execution
T1547.001
T1550
T1550.001
T1550.002
T1557
T1557.004
T1559
T1559.002
T1560
T1560.001
T1561
T1561.001
T1562
T1562.004
T1564
T1564.001
T1564.003
T1566
T1566.001 - Spearphishing Attachment
T1567
T1573
T1573.001
T1583
T1583.001
T1583.003
T1583.006
T1584
T1584.008
T1586
T1586.002
T1588
T1588.002
T1589
T1589.001
T1591
T1595
T1595.002
T1596
T1598
T1598.003
T1669