Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 19:14:47 UTC
Home > List all groups > List all tools > List all groups using tool Hornbill
 Tool: Hornbill
Names Hornbill
Category Malware
Type Reconnaissance, Backdoor, Info stealer, Exfiltration
Description
(Lookout) Hornbill and SunBird have both similarities and differences in the way they
operate on an infected device. While SunBird features remote access trojan (RAT)
functionality – a malware that can execute commands on an infected device as directed
by an attacker – Hornbill is a discreet surveillance tool used to extract a selected set of
data of interest to its operator.
Information
<https://blog.lookout.com/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict>
MITRE ATT&CK <https://attack.mitre.org/software/S1077>
Last change to this tool card: 30 November 2023
Download this tool card in JSON format
All groups using tool Hornbill
Changed Name Country Observed
APT groups
  Confucius 2013-Aug 2021  
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=34997eba-3a98-445d-a69d-dc939d136794
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=34997eba-3a98-445d-a69d-dc939d136794
Page 1 of 1