TDTESS is a 64-bit .NET binary backdoor used by CopyKittens.[1]
Domain | ID | Name | Use
---|---|---|---
Enterprise | T1059.003 | Command and Scripting Interpreter: Windows Command Shell | 
Enterprise | T1543.003 | Create or Modify System Process: Windows Service | If running as administrator, TDTESS installs itself as a new service named bmwappushservice to establish persistence.[1]
Enterprise | T1070.004 | Indicator Removal on Host: File Deletion | TDTESS creates then deletes log files during installation of itself as a service.[1]
Enterprise | T1070.006 | Indicator Removal on Host: Timestomp | After creating a new service for persistence, TDTESS sets the file creation time for the service to the creation time of the victim's legitimate svchost.exe file.[1]
Enterprise | T1105 | Ingress Tool Transfer | TDTESS has a command to download and execute an additional file.[1]
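A defender-side check prompted by the service-installation and timestomping rows above, written here as an added example and not taken from the ATT&CK page or the cited report: it enumerates installed services and flags any whose binary carries exactly the same creation timestamp as the system's svchost.exe, plus any service carrying the bmwappushservice name the page gives. The svchost.exe location and the tick-exact match heuristic are assumptions.

```powershell
# Added example (not from the ATT&CK entry). Reference file: the legitimate
# svchost.exe whose creation time TDTESS copies onto its own service binary.
$svchost     = Get-Item -LiteralPath "$env:SystemRoot\System32\svchost.exe"
$refCreation = $svchost.CreationTimeUtc

$findings = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    if (-not $svc.PathName) { continue }

    # Win32_Service.PathName may be quoted and may carry arguments; recover the
    # executable path only (quoted form first, then the first ".exe" token).
    $path = if     ($svc.PathName -match '^"([^"]+)"')  { $Matches[1] }
            elseif ($svc.PathName -match '^(.+?\.exe)') { $Matches[1] }
            else                                        { $svc.PathName }
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $bin     = Get-Item -LiteralPath $path
    $reasons = @()

    # svchost-hosted services point at svchost.exe itself; skip that trivial match.
    # Exact equality down to the 100 ns tick is what a copied timestamp produces;
    # files laid down by OS setup are close in time but rarely identical.
    if ($bin.FullName -ne $svchost.FullName -and $bin.CreationTimeUtc -eq $refCreation) {
        $reasons += 'binary creation time identical to svchost.exe'
    }
    if ($svc.Name -ieq 'bmwappushservice') {
        $reasons += 'service name matches TDTESS persistence name'
    }

    if ($reasons) {
        [pscustomobject]@{
            Service  = $svc.Name
            Binary   = $bin.FullName
            Created  = $bin.CreationTimeUtc
            Modified = $bin.LastWriteTimeUtc
            Reasons  = ($reasons -join '; ')
        }
    }
}

$findings | Format-Table -AutoSize
```

Run from an elevated session so every service binary is readable; a hit on the creation-time rule is a lead to confirm against the file's $FILE_NAME timestamps or its installation record, not a verdict on its own.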
ID | Name | References
---|---|---
G0052 | CopyKittens | 