MISP/misp-galaxy
6
0
Fork 0
mirror of https://github.com/MISP/misp-galaxy.git synced 2024-11-22 23:07:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

[threat-actors] Add Earth Estries

Browse source
This commit is contained in:
Mathieu Beligon 2023-11-03 11:13:11 +01:00
parent 4a521eec3b
commit 64f0a87ed7
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
clusters/threat-actor.json
View file

@ -12205,6 +12205,17 @@
},
"uuid": "5368c0a2-eb79-420c-b808-85ae719efccd",
"value": "TetrisPhantom"
},
{
"description": "Trend Micro found that Earth Estries relies heavily on DLL sideloading to load various tools within its arsenal. Aside from the backdoors previously mentioned, this intrusion set also utilizes commonly used remote control tools like Cobalt Strike, PlugX, or Meterpreter stagers interchangeably in various attack stages. These tools come as encrypted payloads loaded by custom loader DLLs.",
"meta": {
"refs": [
"https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html",
"https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/"
]
},
"uuid": "1f7f4a51-c4a8-4365-ade3-83b222e7cb67",
"value": "Earth Estries"
}
],
"version": 288