Recorded Future analyzed new malware targeting the Tibetan community, resulting in a detailed analysis of the malware and its associated infrastructure. Sources include Recorded Future’s platform, VirusTotal, ReversingLabs, and third-party metadata, as well as common OSINT and network metadata enrichments, such as DomainTools Iris and PassiveTotal. This research is part of a series highlighting the breadth of sophisticated techniques used by the Chinese state against perceived domestic threats.
