Roaming Tiger

Description

(Palo Alto) In late 2014, ESET presented an attack campaign that had been observed over a period of time targeting Russia and other Russian speaking nations, dubbed “Roaming Tiger”. The attack was found to heavily rely on RTF exploits and at the time, thought to make use of the PlugX malware family.

Names

Name	Name-Giver
Roaming Tiger	ESET
Rotten Tomato	Sophos
CTG-7273	SecureWorks
Bronze Woodland	SecureWorks

Country

China

Motivation

Information theft and espionage

First Seen

2014

Observed Countries

Belarus
Kazakhstan
Kyrgyzstan
Russia
Tajikistan
Ukraine
Uzbekistan

Tools

BBSRAT
Gh0st RAT
PlugX

Operations

2015-08: https://unit42.paloaltonetworks.com/bbsrat-attacks-targeting-russian-organizations-linked-to-roaming-tiger/

Information

http://2014.zeronights.org/assets/files/slides/roaming_tiger_zeronights_2014.pdf

Other Information

Uuid

ee5e9d82-26c3-4f35-bee4-457ab5e20119

Last Card Change

2021-08-10

Threat Intelligence Garden

Explorer

Roaming Tiger

Roaming Tiger

Description

Names

Country

Motivation

First Seen

Observed Countries

Tools

Operations

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks