Names | 8.t Dropper 8.t RTF exploit builder 8t_dropper RoyalRoad | |
Category | Malware | |
Type | Dropper | |
Description | 8T_Dropper has been used by Chinese threat actor TA428 in order to install Cotx RAT onto victim's machines during Operation LagTime IT. According to Proofpoint the attack was developed against a number of government agencies in East Asia overseeing government information technology, domestic affairs, foreign affairs, economic development, and political processes. The dropper was delivered through an RTF document exploiting CVE-2018-0798. | |
Information | <https://nao-sec.org/2020/01/an-overhead-view-of-the-royal-road.html> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.8t_dropper> |
Last change to this tool card: 08 May 2020
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
Bronze Butler, Tick, RedBaldNight, Stalker Panda | ![]() | 2010-Jun 2019 | |||
Icefog, Dagger Panda | ![]() | 2011-2018/2019 | |||
Naikon, Lotus Panda | ![]() | 2012-2017 | |||
Rancor | ![]() | 2017 | |||
TA428 | ![]() | 2019-Jun 2020 | |||
Tonto Team, HartBeat, Karma Panda | ![]() | 2009-Dec 2019 | |||
Tropic Trooper, Pirate Panda, APT 23, KeyBoy | ![]() | 2011-Apr 2020 | |||
Vicious Panda | ![]() | 2015-Mar 2020 |
8 groups listed (8 APT, 0 other, 0 unknown)
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on![]() ![]() |
Report incidents |
|
![]() |
+66 (0)2-123-1234 | |
![]() |
report@thaicert.or.th | |
![]() |
Download PGP key |