BRONZE BUTLER
Aliases: REDBALDKNIGHT, Tick
BRONZE BUTLER is a cyber espionage group with likely Chinese origins that has been active since at least 2008. The group primarily targets Japanese organizations, particularly those in government, biotechnology, electronics manufacturing, and industrial chemistry.
ATT&CK techniques
T1140 - Deobfuscate/Decode Files or Information
T1005 - Data from Local System
T1007 - System Service Discovery
T1070.004 - File Deletion
T1059.006 - Python
T1566.001 - Spearphishing Attachment
T1036.005 - Match Legitimate Name or Location
T1113 - Screen Capture
T1036 - Masquerading
T1588.002 - Tool
T1548.002 - Bypass User Account Control
T1059.005 - Visual Basic
T1132.001 - Standard Encoding
T1518 - Software Discovery
T1071.001 - Web Protocols
T1039 - Data from Network Shared Drive
T1124 - System Time Discovery
T1189 - Drive-by Compromise
T1574.002 - DLL Side-Loading
T1562.001 - Disable or Modify Tools
T1003.001 - LSASS Memory
T1203 - Exploitation for Client Execution
T1018 - Remote System Discovery
T1560.001 - Archive via Utility
T1053.002 - At
T1102.001 - Dead Drop Resolver
T1053.005 - Scheduled Task
T1080 - Taint Shared Content
T1204.002 - Malicious File
T1027.001 - Binary Padding
T1547.001 - Registry Run Keys / Startup Folder
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1105 - Ingress Tool Transfer
T1550.003 - Pass the Ticket
T1573.001 - Symmetric Cryptography
T1027.003 - Steganography
T1087.002 - Domain Account
T1083 - File and Directory Discovery
T1036.002 - Right-to-Left Override
T1059 - Command and Scripting Interpreter
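One of the listed techniques, T1036.002 (Right-to-Left Override), is easy to check for in file names and mail attachments: the Unicode RLO code point (U+202E) makes a renderer display the characters after it in reverse, so a name whose real extension is .exe can be shown ending in .pdf. The helper below is an added example and is not part of this profile page or of any tooling attributed to the group; the function names, the simplified bidi rendering and the sample file names are all constructed for illustration. It reports the displayed name, the real extension, and whether the real extension is an executable type hidden behind a document-looking one.

```python
"""Check file names for ATT&CK T1036.002 (Right-to-Left Override).

Added example, not code from the actor profile. The rendering logic is a
deliberately simplified model of Unicode bidi: text after an RLO (U+202E)
is reversed until a PDF (U+202C) or the end of the name. That is enough
to show what a victim would see and to flag the mismatch.
"""
from dataclasses import dataclass, field

# Unicode directional formatting characters that can reorder displayed text.
BIDI_CONTROLS = {
    "\u202E": "RLO",  # RIGHT-TO-LEFT OVERRIDE (the classic trick)
    "\u202D": "LRO",  # LEFT-TO-RIGHT OVERRIDE
    "\u202B": "RLE",  # RIGHT-TO-LEFT EMBEDDING
    "\u202A": "LRE",  # LEFT-TO-RIGHT EMBEDDING
    "\u2067": "RLI",  # RIGHT-TO-LEFT ISOLATE
    "\u2066": "LRI",  # LEFT-TO-RIGHT ISOLATE
    "\u2068": "FSI",  # FIRST STRONG ISOLATE
    "\u202C": "PDF",  # POP DIRECTIONAL FORMATTING
    "\u2069": "PDI",  # POP DIRECTIONAL ISOLATE
}

# Extensions Windows will execute directly; assumption for this example.
EXECUTABLE_EXTENSIONS = {
    "exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
    "vbs", "vbe", "ps1", "hta", "lnk", "msi",
}


@dataclass
class RloFinding:
    raw_name: str
    displayed_name: str
    real_extension: str
    displayed_extension: str
    controls: list = field(default_factory=list)


def displayed_name(name: str) -> str:
    """Approximate what a file manager shows for `name`.

    Characters after an RLO are reversed up to a PDF (or end of string);
    every other control character is dropped from the rendering.
    """
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == "\u202E":
            j = i + 1
            seg = []
            while j < len(name) and name[j] != "\u202C":
                seg.append(name[j])
                j += 1
            out.append("".join(reversed(seg)))
            i = j + 1  # skip the PDF terminator if one was present
            continue
        if ch not in BIDI_CONTROLS:
            out.append(ch)
        i += 1
    return "".join(out)


def _extension(name: str) -> str:
    base = name.rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[1].lower() if "." in base else ""


def check_filename(name: str):
    """Return an RloFinding if `name` carries any bidi control, else None."""
    controls = [BIDI_CONTROLS[c] for c in name if c in BIDI_CONTROLS]
    if not controls:
        return None
    shown = displayed_name(name)
    return RloFinding(name, shown, _extension(name), _extension(shown), controls)


def is_executable_masquerade(finding: RloFinding) -> bool:
    """True when the real extension executes but the displayed one does not."""
    return (finding.real_extension in EXECUTABLE_EXTENSIONS
            and finding.displayed_extension not in EXECUTABLE_EXTENSIONS)


def scan_names(names):
    """Return findings for every name containing a bidi control character."""
    return [f for f in (check_filename(n) for n in names) if f is not None]


# Constructed sample input (not real observed file names).
SAMPLE_NAMES = [
    "report.pdf",                   # benign
    "Annual_Report\u202Efdp.exe",   # shown as Annual_Reportexe.pdf, runs as .exe
    "photo\u202Egnp.scr",           # shown as photorcs.png, runs as .scr
    "notes\u202Etxt.docx",          # RLO present, but real type is a document
]

if __name__ == "__main__":
    for f in scan_names(SAMPLE_NAMES):
        flag = "EXECUTABLE MASQUERADE" if is_executable_masquerade(f) else "bidi control"
        print(f"{flag}: shown as {f.displayed_name!r}, real extension .{f.real_extension}")
```

Any bidi control in a file name deserves a look, but the high-confidence signal is the combination the last function tests for: a real executable extension rendered as something else. Run the check on attachment names at the mail gateway and on file-creation events from endpoint telemetry; the raw (unrendered) name is what those sources log, which is exactly the form `check_filename` expects.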