TDTESS Malware Report: What Is TDTESS and How Does It Work?

The TDTESS backdoor is used by the CopyKittens cybercrime group to infect Windows systems. The malware establishes persistence on an infected system by creating a new service named bmwappushservice. This service allows the attackers to remotely control the system and execute additional files. The backdoor also provides a reverse shell, allowing the attackers to access the system directly.

TDTESS Malware Capabilities

  • TDTESS may modify file time attributes (timestomping) to hide newly created files or changes to existing ones. This is done to make it difficult for forensic investigators or file analysis tools to detect the attackers' activity. Additionally, TDTESS may delete files that could be used to track the attackers' activity, and it may transfer tools and other files into a compromised environment.

Ways to Mitigate TDTESS Malware Attacks

  • TDTESS activity can be detected and mitigated in several ways: detecting timestomping through file modification monitoring, monitoring for command-line deletion functions, and monitoring for file creation and for files transferred into the network.
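To illustrate the "file modification monitoring" item, here is an added example (written for this report, not code from the original article): a heuristic scan that flags files whose modification time was backdated, either because it predates the inode change or creation time, or because it carries no sub-second fraction, which normal writes on NTFS and ext4 almost always have. The sample directory, file names and the 2010 timestamp are constructed for the demonstration.

```python
"""Heuristic hunt for timestomped files, as used by TDTESS to hide its activity."""
import os
import tempfile
import time
from dataclasses import dataclass

@dataclass
class Finding:
    path: str
    reason: str

def check_file(path: str) -> list[Finding]:
    """Return heuristic findings for one file (empty list if nothing is suspicious)."""
    st = os.stat(path)
    findings = []
    # Heuristic 1: mtime earlier than the last metadata change (Linux st_ctime) or
    # the creation time (Windows st_ctime). A genuine edit moves mtime forward;
    # a backdated mtime stays behind. One second of slack covers coarse filesystems.
    if st.st_mtime_ns < st.st_ctime_ns - 1_000_000_000:
        findings.append(Finding(path, "mtime predates ctime/creation time"))
    # Heuristic 2: an exact whole-second mtime. Timestamp-rewriting tools commonly
    # write no sub-second component. Files copied with preserved timestamps or
    # extracted from archives can trip this too, so treat it as a lead, not proof.
    if st.st_mtime_ns % 1_000_000_000 == 0:
        findings.append(Finding(path, "mtime has zero sub-second fraction"))
    return findings

def scan_tree(root: str) -> list[Finding]:
    """Walk a directory tree and collect findings for every regular file."""
    out = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            out.extend(check_file(os.path.join(dirpath, name)))
    return out

def build_sample_tree() -> str:
    """Constructed sample: one normal file and one with a backdated whole-second mtime."""
    root = tempfile.mkdtemp(prefix="tdtess_demo_")
    normal = os.path.join(root, "notes.txt")
    stomped = os.path.join(root, "updater.dll")  # hypothetical name
    for p in (normal, stomped):
        with open(p, "w") as fh:
            fh.write("sample content\n")
    backdated = time.mktime((2010, 1, 1, 0, 0, 0, 0, 0, -1))
    os.utime(stomped, (backdated, backdated))  # rewrite atime/mtime like a timestomper would
    return root

if __name__ == "__main__":
    for f in scan_tree(build_sample_tree()):
        print(f"{f.path}: {f.reason}")
```

On a live system, point scan_tree at directories where new binaries or services typically appear and correlate hits with service-creation events rather than acting on the heuristic alone.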

About Oilrig Threat Group

CopyKittens and OilRig are two groups responsible for different cyber espionage campaigns: CopyKittens targets countries such as Israel and the US, while OilRig targets Middle Eastern and international victims across a variety of sectors.

Reactionary Times News Desk