2022-11-09 Hack the Real Box APT41’s New Subgroup Earth Longzhi| Threat Intelligence Malaysia

📃Title: Hack the Real Box: APT41’s New Subgroup Earth Longzhi
📅Date: 2022-11-09
🔗References:

https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html

🔖Rectifyq Taxonomies:

relevancy: 🔴 Highly Relevant
category: ⚔Threat
MY-relevancy: relevant
sub-category: campaign-analysis
target: targeted

🔖MISP Galaxies:

producer= Trend-Micro
malpedia=“Croxloader”
malpedia=“Cobalt Strike”
malpedia=“MimiKatz”
threat-actor= APT41
threat-actor= Earth-Longzhi
region=“030 - Eastern Asia”
region=“035 - South-eastern Asia”
target-information=“China”
target-information=“Indonesia”
target-information=“Malaysia”
target-information=“Pakistan”
target-information=“Taiwan”
target-information=“Thailand”
target-information=“Ukraine”
mitre-attack-pattern=[‘T1573.002’, ‘T1555.003’, ‘T1003.006’, ‘T1574.002’, ‘T1562.001’, ‘T1090.004’, ‘T1036.007’, ‘T1589.002’, ‘T1190’, ‘T1211’, ‘T1068’, ‘T1090.002’, ‘T1090.001’, ‘T1003.001’, ‘T1095’, ‘T1547.012’, ‘T1055’, ‘T1566.001’, ‘T1070.006’, ‘T1071.001’]

MISP event uuid: e142a39b-090a-49fd-9a38-3e2437e429df

Indicator of Compromise (IoCs)

type,value,comment
md5, ae8675d2f910145f5ebc6044a71ad0f4, 'CroxLoader'
md5, f9f17b1db4b3e5fbf65a26ef8eba9565, 'AllInOne'
md5, 494cc48a9856cf5b46fb13bcd68c256f, 'AVBurner + PrintSpoofer'
md5, ac96bb64a7b0afb48ebc6c67e8eef4cf, 'ProcBurner'
md5, 9487ff25f1949a253483b94165d3aa64, 'ProcBurner'
md5, f5daa93b81be67cfd79a403d5a8a7ed8, 'BigpipeLoader'
md5, 9aad734bc59b22f393ae53220546f025, 'BigpipeLoader'
md5, 11f483182a6d4f1a0dd2682e58b4eaf0, 'BigpipeLoader'
md5, e31f405637c30ce01cc83c8fd60a6c34, 'BigpipeLoader'
md5, e48c30853028399ca47333a7009aac65, 'BigpipeLoader'
md5, 03e48c514673b6a6fab2659b7754d779, 'BigpipeLoader'
md5, a8eeda20c491a5994843cf77063a7fde, 'OutLoader'
md5, b236a41cd95ebeb78228251db5a5fe8b, 'OutLoader'
md5, 075ba8e8b03e3147a8f3d71e9f8a53c9, 'SymaticLoader'
md5, 81e1d6ebbe3e4d7b1093cd845732ace8, 'SymaticLoader'
md5, 404c182f7807d5afb403b1b376808d2a, 'SymaticLoader'
md5, e8920f386531f7c08d2674c641e7c1b4, 'SymaticLoader'
md5, 09aada6270bd742a1ec628dc48d3b77f, 'SymaticLoader'
md5, 87571e0feb0033a63be4f602e5dd8b28, 'SymaticLoader'
md5, f473cba03a78c1bfd54f2dbf97c0173f, 'SymaticLoader'
md5, 78befc83258b58cf1bdc7a3e18b58e9b, 'BigpipeLoader'
md5, bde91a78424fd430ff76a35e0f13b261, 'BigpipeLoader'
md5, 35afdce9f8dc7db6876c627a13661ba2, 'BigpipeLoader'
md5, 529f2ee728e6eb068fe95ea993c09dd2, 'BigpipeLoader'
md5, 9c161668cc77563a0415c6b0b92bd6ba, 'BigpipeLoader'
md5, 9fb933db1e3334c5e2c220c702294033, 'Multipiploader'
ip-dst, 47.108.173.88, ''
hostname, www.affice366.com, ''
hostname, www.vietsovspeedtest.com, ''
hostname, c.ymvh8w5.xyz, ''
ip-dst, 139.180.138.226, ''

Full IOCs available in Rectifyq’s MISP

Rectifyq

Explorer

2022-11-09 Hack the Real Box APT41’s New Subgroup Earth Longzhi

Indicator of Compromise (IoCs)

🔴 Latest Relevant 🇲🇾 Threat Articles

2026-04-30 Inside Shadow-Earth-053 A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

2026-04-29 Phoenix Rising Exposing the PhaaS Kit Behind Global Mass Phishing Campaigns

2026-04-21 GhostCargo, a 5-years campaign

Graph View