Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Tags
cmtmf-attack-pattern: Acquire Infrastructure, Active Scanning, Application Layer Protocol, Automated Exfiltration, Command And Scripting Interpreter, Compromise Accounts, Compromise Infrastructure, Exploit Public-Facing Application, Masquerading, Obtain Capabilities, Scheduled Task/Job, Stage Capabilities, Trusted Relationship
country: Venezuela, China, Guyana, Hungary, Thailand, Taiwan, Turkmenistan
maec-delivery-vectors: Watering Hole
attack-pattern: Acquire Infrastructure Data Acquire Infrastructure - T1583 Active Scanning - T1595 Application Layer Protocol - T1437 Clipboard Data - T1414 Code Signing Certificates - T1587.002 Code Signing Certificates - T1588.003 Command And Scripting Interpreter - T1623 Compromise Accounts - T1586 Compromise Infrastructure - T1584 Create Or Modify System Process - T1543 Credentials - T1589.001 Dll Side-Loading - T1574.002 Domain Account - T1087.002 Domain Account - T1136.002 Domain Groups - T1069.002 Domains - T1583.001 Domains - T1584.001 Double File Extension - T1036.007 Email Account - T1087.003 Email Accounts - T1585.002 Email Accounts - T1586.002 Email Addresses - T1589.002 Encrypted Channel - T1521 Encrypted Channel - T1573 Exploitation Of Remote Services - T1428 Exploitation For Privilege Escalation - T1404 Exploit Public-Facing Application - T1377 Exploitation For Client Execution - T1658 Exploits - T1587.004 Exploits - T1588.005 Gather Victim Host Information - T1592 Gather Victim Network Information - T1590 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Impersonation - T1656 Ingress Tool Transfer - T1544 Internal Spearphishing - T1534 Ip Addresses - T1590.005 Link Target - T1608.005 Local Account - T1087.001 Local Account - T1136.001 Local Accounts - T1078.003 Lsass Memory - T1003.001 Malicious File - T1204.002 Malicious Link - T1204.001 Malware - T1587.001 Malware - T1588.001 Masquerading - T1655 Match Legitimate Name Or Location - T1036.005 Match Legitimate Name Or Location - T1655.001 Process Discovery - T1424 Obtain Capabilities - T1588 Password Spraying - T1110.003 Phishing - T1660 Phishing - T1566 Powershell - T1059.001 Protocol Tunneling - T1572 Python - T1059.006 Scanning Ip Blocks - T1595.001 Scheduled Task - T1053.005 Scheduled Task/Job - T1603 Security Account Manager - T1003.002 Server - T1583.004 Server - T1584.004 Server Software Component - T1505 Service Execution - T1569.002 Software - T1592.002 Spearphishing Attachment - T1566.001 Spearphishing Link - T1566.002 Stage Capabilities - T1608 Steal Web Session Cookie - T1539 Symmetric Cryptography - T1521.001 Symmetric Cryptography - T1573.001 System Services - T1569 Windows Remote Management - T1021.006 Windows Command Shell - T1059.003 Web Protocols - T1071.001 Web Protocols - T1437.001 Web Shell - T1505.003 Windows Service - T1543.003 Virtual Private Server - T1583.003 Virtual Private Server - T1584.003 Tool - T1588.002 Vulnerabilities - T1588.006 Vulnerability Scanning - T1595.002 Wordlist Scanning - T1595.003 Upload Malware - T1608.001 Upload Tool - T1608.002 Account Discovery - T1087 Standard Application Layer Protocol - T1071 Automated Collection - T1119 Automated Exfiltration - T1020 Brute Force - T1110 Clipboard Data - T1115 Command-Line Interface - T1059 Connection Proxy - T1090 Credential Dumping - T1003 Deobfuscate/Decode Files Or Information - T1140 Dll Side-Loading - T1073 Email Collection - T1114 Exploit Public-Facing Application - T1190 Exploitation For Client Execution - T1203 Exploitation For Privilege Escalation - T1068 Exploitation Of Remote Services - T1210 External Remote Services - T1133 Remote File Copy - T1105 Masquerading - T1036 Modify Registry - T1112 Permission Groups Discovery - T1069 Powershell - T1086 Process Discovery - T1057 Remote Services - T1021 Scheduled Task - T1053 Service Execution - T1035 System Owner/User Discovery - T1033 System Service Discovery - T1007 Windows Remote Management - T1028 Windows Management Instrumentation - T1047 Valid Accounts - T1078 Web Shell - T1100 Trusted Relationship - T1199 User Execution - T1204 Automated Collection Exploit Public-Facing Application Exploitation Of Remote Services External Remote Services Masquerading Valid Accounts User Execution
Common Information
Type Value
UUID 24b90c8e-5551-4333-8e5e-6c54f9858909
Fingerprint 9596819b24319e19
Analysis status DONE
Considered CTI value 2
Text language
Published March 18, 2024, midnight
Added to db Oct. 15, 2024, 4:19 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Title Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Detected Hints/Tags/Attributes 260/4/96
Attributes
Type #Events Value
CVE 27 cve-2023-32315
CVE 12 cve-2022-21587
CVE 60 cve-2021-4034
CVE 5 cve-2021-22555
CVE 44 cve-2016-5195
Domain 2 payslip.pay
Domain 1 simple.net
Domain 2 id.data
Domain 2 conf.data
Domain 2 googledatas.com
File 6 2022.doc
File 2 อง.rar
File 2 complaint.rar
File 2 hungary.exe
File 2 venezuela.exe
File 2 turkmenistan.exe
File 2 payslip.docx
File 3 taskllst.exe
File 56 tasklist.exe
File 2 tasklist_32.exe
File 2 runtimeinit.exe
File 37 1.dll
File 14 2.dll
File 2 id.dat
File 105 googleupdate.exe
File 5 twain_64.dll
File 3 advapi64.dll
File 2 svrhost.exe
File 2 fontsets.exe
File 10 faultrep.dll
File 3 faultrep.dat
File 4 conf.dat
File 2 fualtrep.dll
sha1 2 be31e841820586e9106407d78ae190915f2c012d
sha1 2 97c668912c29b8203a7c3bd7d5d690d5c4e5da53
sha1 2 a94d0e51df6abbc4a7cfe84e36eb8f38bc011f46
IPv4 4 45.32.33.17
IPv4 4 207.148.75.122
MITRE ATT&CK Techniques 14 T1595.001
MITRE ATT&CK Techniques 56 T1595.002
MITRE ATT&CK Techniques 8 T1595.003
MITRE ATT&CK Techniques 50 T1592
MITRE ATT&CK Techniques 33 T1590
MITRE ATT&CK Techniques 82 T1583.001
MITRE ATT&CK Techniques 62 T1583.003
MITRE ATT&CK Techniques 19 T1586.002
MITRE ATT&CK Techniques 21 T1584.004
MITRE ATT&CK Techniques 42 T1588.001
MITRE ATT&CK Techniques 33 T1588.003
MITRE ATT&CK Techniques 49 T1608.001
MITRE ATT&CK Techniques 15 T1608.002
MITRE ATT&CK Techniques 17 T1608.005
MITRE ATT&CK Techniques 542 T1190
MITRE ATT&CK Techniques 310 T1566.001
MITRE ATT&CK Techniques 183 T1566.002
MITRE ATT&CK Techniques 52 T1199
MITRE ATT&CK Techniques 306 T1078
MITRE ATT&CK Techniques 460 T1059.001
MITRE ATT&CK Techniques 333 T1059.003
MITRE ATT&CK Techniques 59 T1059.006
MITRE ATT&CK Techniques 245 T1203
MITRE ATT&CK Techniques 174 T1569.002
MITRE ATT&CK Techniques 365 T1204.002
MITRE ATT&CK Techniques 310 T1047
MITRE ATT&CK Techniques 180 T1543.003
MITRE ATT&CK Techniques 191 T1133
MITRE ATT&CK Techniques 275 T1053.005
MITRE ATT&CK Techniques 104 T1505.003
MITRE ATT&CK Techniques 208 T1068
MITRE ATT&CK Techniques 43 T1078.003
MITRE ATT&CK Techniques 504 T1140
MITRE ATT&CK Techniques 227 T1574.002
MITRE ATT&CK Techniques 9 T1656
MITRE ATT&CK Techniques 183 T1036.005
MITRE ATT&CK Techniques 19 T1036.007
MITRE ATT&CK Techniques 550 T1112
MITRE ATT&CK Techniques 49 T1110.003
MITRE ATT&CK Techniques 173 T1003.001
MITRE ATT&CK Techniques 43 T1003.002
MITRE ATT&CK Techniques 99 T1539
MITRE ATT&CK Techniques 72 T1087.001
MITRE ATT&CK Techniques 99 T1087.002
MITRE ATT&CK Techniques 74 T1069.002
MITRE ATT&CK Techniques 433 T1057
MITRE ATT&CK Techniques 230 T1033
MITRE ATT&CK Techniques 100 T1007
MITRE ATT&CK Techniques 109 T1210
MITRE ATT&CK Techniques 83 T1534
MITRE ATT&CK Techniques 30 T1021.006
MITRE ATT&CK Techniques 111 T1119
MITRE ATT&CK Techniques 89 T1114
MITRE ATT&CK Techniques 442 T1071.001
MITRE ATT&CK Techniques 163 T1573
MITRE ATT&CK Techniques 492 T1105
MITRE ATT&CK Techniques 95 T1572
MITRE ATT&CK Techniques 102 T1020