Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions
Common Information
UUID: 2cca8118-eb93-40f1-a6cf-2d7846d2823b
Fingerprint: a75084d34cb5df41
Analysis status: DONE
Considered CTI value: 2
Text language:
Published: Nov. 25, 2024, midnight
Added to db: Nov. 25, 2024, 9:44 a.m.
Last updated: Dec. 19, 2024, midnight
Headline: Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions
Title: Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions
Detected Hints/Tags/Attributes: 124/4/73
RSS Feed
Id: 119
Feed title: Trend Micro Research, News and Perspectives
Url: https://feeds.feedburner.com/TrendMicroSimplySecurity
Added to db: 2024-08-30 22:08
Attributes
Type (#Events): Value
CVE (50): cve-2023-46805
CVE (65): cve-2024-21887
CVE (35): cve-2023-48788
CVE (38): cve-2022-3236
CVE (202): cve-2021-26855
CVE (97): cve-2021-26857
CVE (98): cve-2021-26858
CVE (137): cve-2021-27065
Mandiant Uncategorized Groups (30): UNC2286
Mandiant Uncategorized Groups (66): UNC4841
Pdb (2): e:\masol_https190228\x64\release\masol.pdb
Url (2): http://103.159.133.205/lib3.cab