Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 18:06:24 UTC
Home > List all groups > List all tools > List all groups using tool TERA
 Tool: TERA
Names TERA
Category Malware
Type Backdoor
Description
(FireEye) TERA is a backdoor that uses legitimate services, such as Google Translate and
Yahoo! Babel Fish, as proxies to download C&C configurations. It also uses a rootkit to mask
network activity. After resolving the IP address of its C&C server, TERA will provide an input
output control (IOCTL) code to its driver (rootkit component).
Information <https://paper.bobylive.com/Security/APT_Report/APT-41.pdf>
Last change to this tool card: 20 April 2020
Download this tool card in JSON format
All groups using tool TERA
Changed Name Country Observed
APT groups
  APT 41 2012-Jul 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=77b5fbe8-2a9e-4e60-8f9f-94b1b07b0daf
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=77b5fbe8-2a9e-4e60-8f9f-94b1b07b0daf
Page 1 of 1