🇮🇳
VICEROY TIGER
APT Group
Information theft and espionage
5 zero-day CVEs
ETDA ✓
Also Known As 5 names
APT-C-35
Donot Team
OPERATION HANGOVER
Orange Kala
SectorE02
Target Countries 24
Austria
Bangladesh
Bhutan
Canada
China
Germany
France
Indonesia
India
Islamic Republic of Iran
Jordan
Kuwait
Sri Lanka
Myanmar
Norway
Oman
Panama
Pakistan
Poland
Romania
Singapore
Thailand
Taiwan, Province of China
United States
Sectors Targeted
Computer Systems Design Services
541512
Commercial Banking
52211
Travel Agencies
561510
Telecommunications
Hospitality
Data Processing, Hosting, and Related Services
51821
Government
Defense
Details
Origin
🇮🇳 IN
Last Updated
01 Jun 2022
Malware Families 8
dilljuice
Nexe Backdoor
win.shatteredglass
unidentified_102
knspy
GlassWorm
glasses
ASYNCRAT
MITRE ATT&CK 118
T1005 - Data from Local System
T1021
T1021.001
T1025 - Data from Removable Media
T1027 - Obfuscated Files or Information
T1027.001
T1027.002
T1027.005
T1027.010
T1030 - Data Transfer Size Limits
T1033
T1036 - Masquerading
T1036.005 - Match Legitimate Name or Location
T1041 - Exfiltration Over C2 Channel
T1047
T1048 - Exfiltration Over Alternative Protocol
T1048.003
T1053 - Scheduled Task/Job
T1053.005 - Scheduled Task
T1055 - Process Injection
T1055.012
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003
T1059.005
T1070 - Indicator Removal on Host
T1070.004
T1070.006 - Timestomp
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1074 - Data Staged
T1074.001
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1102
T1102.001
T1102.002 - Bidirectional Communication
T1105 - Ingress Tool Transfer
T1106 - Native API
T1110 - Brute Force
T1112
T1113 - Screen Capture
T1119
T1123
T1124 - System Time Discovery
T1132 - Data Encoding
T1132.001 - Standard Encoding
T1137.001
T1140 - Deobfuscate/Decode Files or Information
T1176
T1189
T1190 - Exploit Public-Facing Application
T1193
T1195
T1197
T1203 - Exploitation for Client Execution
T1204 - User Execution
T1204.001
T1204.002 - Malicious File
T1210
T1213 - Data from Information Repositories
T1218
T1218.001
T1221
T1398
T1406
T1417
T1418
T1420
T1422
T1426
T1429
T1430
T1434
T1437
T1480
T1481
T1497 - Virtualization/Sandbox Evasion
T1497.001 - System Checks
T1512
T1517
T1518
T1518.001
T1533
T1534 - Internal Spearphishing
T1547 - Boot or Logon Autostart Execution
T1547.001 - Registry Run Keys / Startup Folder
T1548
T1548.002
T1553
T1553.002
T1555
T1555.003 - Credentials from Web Browsers
T1559
T1559.002
T1560
T1562.001 - Disable or Modify Tools
T1566 - Phishing
T1566.001 - Spearphishing Attachment
T1566.002
T1568.002 - Domain Generation Algorithms
T1571 - Non-Standard Port
T1573.001 - Symmetric Cryptography
T1574
T1574.001
T1574.002 - DLL Side-Loading
T1583.001 - Domains
T1587
T1587.002
T1588 - Obtain Capabilities
T1588.002
T1588.005
T1598
T1598.003
T1680
TA0011