mirror of https://github.com/MISP/misp-galaxy
[threat-actors] Add Earth Estries
parent
4a521eec3b
commit
64f0a87ed7
|
@ -12205,6 +12205,17 @@
|
||||||
},
|
},
|
||||||
"uuid": "5368c0a2-eb79-420c-b808-85ae719efccd",
|
"uuid": "5368c0a2-eb79-420c-b808-85ae719efccd",
|
||||||
"value": "TetrisPhantom"
|
"value": "TetrisPhantom"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"description": "Trend Micro found that Earth Estries relies heavily on DLL sideloading to load various tools within its arsenal. Aside from the backdoors previously mentioned, this intrusion set also utilizes commonly used remote control tools like Cobalt Strike, PlugX, or Meterpreter stagers interchangeably in various attack stages. These tools come as encrypted payloads loaded by custom loader DLLs.",
|
||||||
|
"meta": {
|
||||||
|
"refs": [
|
||||||
|
"https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html",
|
||||||
|
"https://www.sentinelone.com/labs/cyber-soft-power-chinas-continental-takeover/"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"uuid": "1f7f4a51-c4a8-4365-ade3-83b222e7cb67",
|
||||||
|
"value": "Earth Estries"
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"version": 288
|
"version": 288
|
||||||
|
|
Loading…
Reference in New Issue