Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 14:58:03 UTC
Home > List all groups > List all tools > List all groups using tool TidePool
 Tool: TidePool
Names TidePool
Category Malware
Type Reconnaissance, Backdoor, Info stealer, Exfiltration
Description
(Palo Alto) TidePool contains many capabilities common to most RATs. It allows the
attacker to read, write and delete files and folders, and run commands over named pipes.
TidePool gathers information about the victim’s computer, base64 encodes the data, and
sends it to the Command and Control (C2) server via HTTP, which matches capabilities of
the BS2005 malware family used by the Ke3chang actor.
Information
Malpedia AlienVault OTX Last change to this tool card: 14 May 2020
Download this tool card in JSON format
All groups using tool TidePool
Changed Name Country Observed
APT groups
 DragonOK 2015-Jan 2017
 Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon 2010-Oct 2024
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7994d89d-4fcc-4e67-9597-602777f57a17
Page 1 of 2

2 groups listed (2 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7994d89d-4fcc-4e67-9597-602777f57a17
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7994d89d-4fcc-4e67-9597-602777f57a17
Page 2 of 2

APT groups DragonOK    2015-Jan 2017
Ke3chang, Vixen Panda, APT 15, GREF, Playful Dragon 2010-Oct 2024
   Page 1 of 2