Web Bugs & the Tubthumping Tactics of Chinese Threat Actor TA416

The Role of Trident in Phishing

The Trident loader is, in my opinion, one of the strongest indicators of this group's PlugX. The use of archives attached to particular emails, where the RAR or TAR archives contain a geopolitically themed file name, would then drop a portable executable file that shared that political file name. That was a loader or a downloader, which would call out to four different URLs to pull down the components necessary for a Trident load of the PlugX payload, and also the PDF that would be downloaded. So it would download a PE, a DLL, the DAT file, and then the PDF decoy file. More than one Chinese APT uses that Trident loader method.
