Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 23:07:46 UTC
Home > List all groups > List all tools > List all groups using tool SunBird
 Tool: SunBird
Names SunBird
Category Malware
Type Reconnaissance, Backdoor, Info stealer, Exfiltration
Description
(Lookout) Hornbill and SunBird have both similarities and differences in the way they
operate on an infected device. While SunBird features remote access trojan (RAT)
functionality – a malware that can execute commands on an infected device as directed
by an attacker – Hornbill is a discreet surveillance tool used to extract a selected set of
data of interest to its operator.
Information
<https://blog.lookout.com/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict>
MITRE ATT&CK <https://attack.mitre.org/software/S1082>
Last change to this tool card: 30 November 2023
Download this tool card in JSON format
All groups using tool SunBird
Changed Name Country Observed
APT groups
  Confucius 2013-Aug 2021  
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8809b635-30b3-4991-b870-60552ddf8b22
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8809b635-30b3-4991-b870-60552ddf8b22
Page 1 of 1