Attack on Security Titans: Earth Longzhi Returns With New Tricks
Common Information
Type Value
UUID 3a109e36-2959-4495-9d66-253a08757e00
Fingerprint 3414c873d52c5641
Analysis status DONE
Considered CTI value 2
Text language
Published May 2, 2023, midnight
Added to db June 5, 2023, 10:45 a.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Attack on Security Titans: Earth Longzhi Returns With New Tricks
Title Attack on Security Titans: Earth Longzhi Returns With New Tricks
Detected Hints/Tags/Attributes 125/4/78
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 119 Trend Micro Research, News and Perspectives https://feeds.feedburner.com/TrendMicroSimplySecurity 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details CVE 1
cve-2018-5713
Details Domain 2
evnpowerspeedtest.com
Details Domain 1
www.updateforhours.com
Details Domain 1
dns.eudnslog.com
Details Domain 1
asis.downloadwindowsupdate.co
Details File 12
zamguard64.sys
Details File 3
mpdlpcmd.exe
Details File 97
mpcmdrun.exe
Details File 19
mpclient.dll
Details File 1
mpclient.bin
Details File 1
mmmm.sys
Details File 10
360rp.exe
Details File 7
360rps.exe
Details File 16
360safe.exe
Details File 21
360sd.exe
Details File 33
360tray.exe
Details File 1
aliyun_assist_service.exe
Details File 1
aliyundun.exe
Details File 1
aliyundunupdate.exe
Details File 3
cyserver.exe
Details File 1
cytray.exe
Details File 198
msmpeng.exe
Details File 87
nissrv.exe
Details File 7
securityhealthsystray.exe
Details File 1
tlaworker.exe
Details File 1
yunsuo_agent_daemon.exe
Details File 1
yunsuo_agent_service.exe
Details File 36
zhudongfangyu.exe
Details File 1
360sdrun.exe
Details File 14
cntaosmgr.exe
Details File 2
mcafee-security.exe
Details File 2
mcafee-security-ft.exe
Details File 29
ntrtscan.exe
Details File 2
qmbsrv.exe
Details File 12
qqpcrtp.exe
Details File 20
qqpctray.exe
Details File 6
tmccsf.exe
Details File 16
tmlisten.exe
Details File 533
ntdll.dll
Details File 3
srpapi.dll
Details File 1
revdir.docx
Details File 1
khoi.docx
Details File 1
ap.dll
Details File 1
apssp.dll
Details File 55
dwm.exe
Details File 172
dllhost.exe
Details File 7
startmenuexperiencehost.exe
Details File 99
c:\windows\explorer.exe
Details File 73
trojan.msi
Details IPv4 1
194.31.53.128
Details IPv4 3
198.13.47.158
Details IPv4 1
207.148.115.125
Details IPv4 1
64.227.164.34
Details MITRE ATT&CK Techniques 173
T1003.001
Details MITRE ATT&CK Techniques 174
T1569.002
Details MITRE ATT&CK Techniques 227
T1574.002
Details MITRE ATT&CK Techniques 504
T1140
Details MITRE ATT&CK Techniques 297
T1070.004
Details MITRE ATT&CK Techniques 183
T1036.005
Details MITRE ATT&CK Techniques 275
T1053.005
Details MITRE ATT&CK Techniques 86
T1548.002
Details MITRE ATT&CK Techniques 208
T1068
Details MITRE ATT&CK Techniques 13
T1546.012
Details Threat Actor Identifier - APT 522
APT41
Details Windows Registry Key 164
HKLM\SOFTWARE\Microsoft\Windows