8.t Dropper

Description

8T_Dropper has been used by Chinese threat actor TA428 in order to install Cotx RAT onto victim’s machines during Operation LagTime IT. According to Proofpoint the attack was developed against a number of government agencies in East Asia overseeing government information technology, domestic affairs, foreign affairs, economic development, and political processes. The dropper was delivered through an RTF document exploiting CVE-2018-0798.

Names

Name
8.t Dropper
8.t RTF exploit builder
8t_dropper
RoyalRoad

Category

Malware

Type

• Dropper

Information

• https://nao-sec.org/2020/01/an-overhead-view-of-the-royal-road.html

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.8t_dropper

Other Information

Uuid

fc849859-2aa0-4b98-8573-36d9041fd1c2

Last Card Change

2021-04-24