mirror of
https://github.com/MISP/misp-galaxy.git
synced 2024-11-26 16:57:18 +00:00
chg: [threat-actor] Earth Freybug
added
Tracking it seperately for now though TM identified it as subset of APT41
This commit is contained in:
parent
07cc6be922
commit
dd8b317912
1 changed files with 12 additions and 2 deletions
|
@ -8723,8 +8723,7 @@
|
||||||
"Earth Baku",
|
"Earth Baku",
|
||||||
"Amoeba",
|
"Amoeba",
|
||||||
"HOODOO",
|
"HOODOO",
|
||||||
"Brass Typhoon",
|
"Brass Typhoon"
|
||||||
"Earth Freybug"
|
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"related": [
|
"related": [
|
||||||
|
@ -15853,6 +15852,17 @@
|
||||||
},
|
},
|
||||||
"uuid": "dd0063e0-2d44-4798-9e6d-ef0eaa2c2508",
|
"uuid": "dd0063e0-2d44-4798-9e6d-ef0eaa2c2508",
|
||||||
"value": "UNC3569"
|
"value": "UNC3569"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Earth Freybug, identified as a subset of APT41, is a cyberthreat group active since at least 2012, engaging in espionage and financially motivated activities across various sectors worldwide. The tactics, techniques, and procedures (TTPs) used in this campaign are similar to the ones from a campaign (Operation CuckooBees) described in an article published by Cybereason. They employ a diverse toolkit, including LOLBins and custom malware, to execute sophisticated cyberespionage attacks. The group's recent tactics involve DLL hijacking and API unhooking through a newly discovered malware named UNAPIMON, which prevents child processes from being monitored. This technique was observed in a vmtoolsd.exe process creating remote tasks to deploy malicious batch files for reconnaissance and backdoor access. UNAPIMON's simplicity and use of Microsoft Detours for defense evasion highlight the group's evolving methods and the need for vigilant security measures, such as restricting admin privileges and adhering to the principle of least privilege. Earth Freybug's persistence and creativity in refining their techniques underscore the ongoing threat they pose and the importance of proactive cybersecurity practices.",
|
||||||
|
"meta": {
|
||||||
|
"country": "CN",
|
||||||
|
"refs": [
|
||||||
|
"https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "c6e2e5ba-ffad-4258-8b6e-775b3fa230c3",
|
||||||
|
"value": "Earth Freybug"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 307
|
"version": 307
|
||||||
|
|
Loading…
Reference in a new issue