【図表】

Operation ENDTRADE’s timeline

New downloaders and trojans

down_new command list

down_new collects home phone data and URL path

First stage: Information collection
出典: https://blog.trendmicro.com/trendlabs-security-intelligence/operation-endtrade-finding-multi-stage-backdoors-that-tick/

【資料】

◆Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data (Trendmicro, 2019/11/29)
https://documents.trendmicro.com/assets/pdf/Operation-ENDTRADE-Tick-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data.pdf

【IoT情報】

◆Tick (IoC (TT Malware Log))
https://ioc.hatenablog.com/entry/2019/11/29/000000

◆Lilith (IoC (TT Malware Log))
https://ioc.hatenablog.com/entry/2019/11/29/000000_1

◆ABK Downloader (IoC (TT Malware Log))
https://ioc.hatenablog.com/entry/2019/11/29/000000_2

【関連情報】

◆Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK (Trendmicro, 2019/11/29 03:29)
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-endtrade-finding-multi-stage-backdoors-that-tick/
⇒ https://malware-log.hatenablog.com/entry/2019/11/29/000000_6

◆サイバー攻撃集団「TICK」による「Operation ENDTRADE」 (Trendmicro, 2019/12/12)
https://blog.trendmicro.co.jp/archives/23107
⇒ https://malware-log.hatenablog.com/entry/2019/12/12/000000_11

【関連まとめ記事】

◆全体まとめ
　◆攻撃組織 / Actor (まとめ)
　　◆標的型攻撃組織 / APT (まとめ)

◆Tick / Bronze Butler (まとめ)
http://malware-log.hatenablog.com/entry/Tick