Introduction
VICEROY TIGER is an adversary with a nexus to India that has historically targeted entities across multiple sectors. Older activity spanned multiple sectors and countries; however, since 2015 this adversary appears to focus on entities in Pakistan, with a particular emphasis on government and security organizations. This adversary consistently leverages spear-phishing emails containing malicious Microsoft Office documents, malware designed to target the Android mobile platform, and phishing activity designed to harvest user credentials. In March 2017, the 360 Chasing Team found a sample from targeted attacks that confirmed the activity of a previously unknown APT, which can now be traced back to at least April 2016. The Chasing Team named the attack organization APT-C-35. In June 2017, the 360 Threat Intelligence Center discovered new attack activity by the organization, confirmed and exposed the group's targeted attacks against Pakistan, and analyzed them in detail, including the unique EHDevel malicious code framework used by the organization.
Activities and Tactics
Targeted Sectors: Government, Administration, Security Service
Country of Origin: India
Risk Level: High
Suspected Victims: Germany
Notable Campaigns
- Lucky Elephant
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- MobileOrder
- Unknown Logger
- Back Orifice
- Back Orifice 2000
- DroidJack
- Androrat
- EHDevel
- yty
Attribution and Evidence
Country of Origin: India
Additional attribution information pending cataloguing.
References
References pending cataloguing.