ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool 8.t Dropper

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: 8.t Dropper

Names8.t Dropper
8.t RTF exploit builder
8t_dropper
RoyalRoad
CategoryMalware
TypeDropper
Description8T_Dropper has been used by Chinese threat actor TA428 in order to install Cotx RAT onto victim's machines during Operation LagTime IT. According to Proofpoint the attack was developed against a number of government agencies in East Asia overseeing government information technology, domestic affairs, foreign affairs, economic development, and political processes. The dropper was delivered through an RTF document exploiting CVE-2018-0798.
Information<https://nao-sec.org/2020/01/an-overhead-view-of-the-royal-road.html>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.8t_dropper>

Last change to this tool card: 24 April 2021

Download this tool card in JSON format

All groups using tool 8.t Dropper

ChangedNameCountryObserved

APT groups

XBronze Butler, Tick, RedBaldNight, Stalker PandaChina2006-Apr 2021X
 Goblin Panda, Cycldek, ConimesChina2013-Jun 2020 
XIcefog, Dagger PandaChina2011-2018/2019 
 Naikon, Lotus PandaChina2010-Apr 2022 
XRancorChina2017 
 RedFoxtrotChina2014-Aug 2021 
 SharpPandaChina2018 
 TA428China2013-Jan 2022 
 Tonto Team, HartBeat, Karma PandaChina2009-Apr 2023 
 Tropic Trooper, Pirate Panda, APT 23, KeyBoyChina2011-Jul 2020 
 Vicious PandaChina2015-Mar 2020 

11 groups listed (11 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]