2022-11-09 Hack the Real Box APT41’s New Subgroup Earth Longzhi| Threat Intelligence Malaysia

📃Title: Hack the Real Box: APT41’s New Subgroup Earth Longzhi
📅Date: 2022-11-09
🔗References:

https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html

🔖Rectifyq Taxonomies:

relevancy: 🔴 Highly Relevant
category: ⚔Threat
MY-relevancy: relevant
sub-category: campaign-analysis
target: targeted

🔖MISP Galaxies:

producer Trend-Micro
malpedia=“Croxloader”
malpedia=“Cobalt Strike”
malpedia=“MimiKatz”
threat-actor APT41
threat-actor Earth-Longzhi
region=“030 - Eastern Asia”
region=“035 - South-eastern Asia”
target-information=“China”
target-information=“Indonesia”
target-information=“Malaysia”
target-information=“Pakistan”
target-information=“Taiwan”
target-information=“Thailand”
target-information=“Ukraine”
mitre-attack-pattern=[‘T1573.002’, ‘T1555.003’, ‘T1003.006’, ‘T1574.002’, ‘T1562.001’, ‘T1090.004’, ‘T1036.007’, ‘T1589.002’, ‘T1190’, ‘T1211’, ‘T1068’, ‘T1090.002’, ‘T1090.001’, ‘T1003.001’, ‘T1095’, ‘T1547.012’, ‘T1055’, ‘T1566.001’, ‘T1070.006’, ‘T1071.001’]

MISP event uuid: e142a39b-090a-49fd-9a38-3e2437e429df

Indicator of Compromise (IoCs)

type,value,comment
ip-dst, 47.108.173.88, ''
hostname, www.affice366.com, ''
hostname, www.vietsovspeedtest.com, ''
hostname, c.ymvh8w5.xyz, ''
ip-dst, 139.180.138.226, ''

Full IOCs available in Rectifyq's MISP```

Rectifyq

Explorer

2022-11-09 Hack the Real Box APT41’s New Subgroup Earth Longzhi

Indicator of Compromise (IoCs)

Graph View