Trend Micro released a white paper about Tick, a Chinese cyberespionage threat actor targeting East Asian countries. The report details several new downloader malware families. VMware Carbon Black Threat Analysis Unit (TAU) reviewed the malware and is providing product rules to detect and identify it.
Behavior Summary
The Trend Micro report stated that the downloaders were deployed using the right-to-left override (RTLO) technique or by exploiting the CVE-2018-0802 and CVE-2018-0798 vulnerabilities. The downloaders contain code that detects installed antivirus products.
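The RTLO technique mentioned above disguises an executable by embedding the Unicode RIGHT-TO-LEFT OVERRIDE character (U+202E) in its file name so that the visible extension differs from the real one. The following Python is an added example written for this notification, not code from the Trend Micro report or from Carbon Black's product rules: it flags file names carrying bidi control characters, approximates how such a name is displayed, and reports the apparent versus real extension. The sample file names are constructed for the example and are not indicators from the report.

```python
import os

# Unicode bidirectional control characters. U+202E (RIGHT-TO-LEFT OVERRIDE)
# is the one abused by the RTLO trick; the others are included because none
# of them has a legitimate place in a file name.
BIDI_CONTROLS = frozenset("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")
RLO = "\u202e"


def has_bidi_override(name: str) -> bool:
    """True if the file name contains any bidi control character."""
    return any(ch in BIDI_CONTROLS for ch in name)


def real_extension(name: str) -> str:
    """Extension the OS actually uses: strip controls, take text after the last dot."""
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    _, ext = os.path.splitext(clean)
    return ext.lstrip(".").lower()


def displayed_name(name: str) -> str:
    """Approximate how a file browser renders the name: text after the first
    U+202E is drawn reversed, up to a terminating PDF/PDI or end of string."""
    if RLO not in name:
        return name
    head, tail = name.split(RLO, 1)
    for term in ("\u202c", "\u2069"):  # POP DIRECTIONAL FORMATTING / ISOLATE
        if term in tail:
            tail = tail.split(term, 1)[0]
    tail = "".join(ch for ch in tail if ch not in BIDI_CONTROLS)
    return head + tail[::-1]


def analyze(name: str) -> dict:
    """Describe one file name: displayed form, apparent and real extensions,
    and whether it should be flagged."""
    disp = displayed_name(name)
    apparent = real_extension(disp)
    actual = real_extension(name)
    return {
        "name": name,
        "displayed": disp,
        "apparent_ext": apparent,
        "real_ext": actual,
        "ext_mismatch": apparent != actual,
        # Any bidi control in a file name is a red flag on its own.
        "suspicious": has_bidi_override(name),
    }


# Constructed sample names for the example (not indicators from the report).
SAMPLES = [
    "quarterly_report.docx",
    "invoice\u202efdp.scr",   # displayed as "invoicercs.pdf", really .scr
    "notes\u202ecod.exe",     # displayed as "notesexe.doc", really .exe
]


def scan(names):
    """Return the analysis records for every suspicious name in the list."""
    return [r for r in (analyze(n) for n in names) if r["suspicious"]]


if __name__ == "__main__":
    for r in scan(SAMPLES):
        print(f"{r['displayed']!r}: shown as .{r['apparent_ext']}, really .{r['real_ext']}")
```

Running `scan` over file-creation or e-mail attachment telemetry gives a cheap, high-precision check: legitimate file names essentially never contain these control characters, so a hit is worth a closer look regardless of which extension it pretends to be.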
The CB ThreatHunter process diagram shows the downloader's activity after it is deployed by the dropper. Because the dropper only establishes persistence, a reboot is required before the downloader runs.
Additionally, CB Defense will display the malware’s overall triggered TTPs.
The post Threat Analysis Unit (TAU) Threat Intelligence Notification: Tick Downloaders (Operation ENDTRADE) appeared first on VMware Carbon Black.