【Figures】
Operation ENDTRADE’s timeline
New downloaders and trojans
down_new command list
down_new collects home phone data and URL path
First stage: Information collection
Source: https://blog.trendmicro.com/trendlabs-security-intelligence/operation-endtrade-finding-multi-stage-backdoors-that-tick/
【Documents】
◆Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data (Trendmicro, 2019/11/29)
https://documents.trendmicro.com/assets/pdf/Operation-ENDTRADE-Tick-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data.pdf
【IoC Information】
◆Tick (IoC (TT Malware Log))
https://ioc.hatenablog.com/entry/2019/11/29/000000
◆Lilith (IoC (TT Malware Log))
https://ioc.hatenablog.com/entry/2019/11/29/000000_1
◆ABK Downloader (IoC (TT Malware Log))
https://ioc.hatenablog.com/entry/2019/11/29/000000_2
【Related Information】
◆Operation ENDTRADE: Finding Multi-Stage Backdoors that TICK (Trendmicro, 2019/11/29 03:29)
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-endtrade-finding-multi-stage-backdoors-that-tick/
⇒ https://malware-log.hatenablog.com/entry/2019/11/29/000000_6
◆"Operation ENDTRADE" by the cyber attack group "TICK" (Trendmicro, 2019/12/12)
https://blog.trendmicro.co.jp/archives/23107
⇒ https://malware-log.hatenablog.com/entry/2019/12/12/000000_11
【Related Summary Articles】
◆Overall summary
◆Attack groups / Actor (summary)
◆Targeted attack groups / APT (summary)
◆Tick / Bronze Butler (summary)
http://malware-log.hatenablog.com/entry/Tick