Earth Preta Evolves its Attacks with New Malware and Strategies
Tags
cmtmf-attack-pattern: Application Layer Protocol; Boot Or Logon Autostart Execution; Process Injection; Scheduled Task/Job; System Network Connections Discovery
country: Cambodia; Myanmar; Philippines; Singapore; Vietnam; Taiwan
maec-delivery-vectors: Watering Hole
attack-pattern:
  Data Software Discovery - T1418
  Application Layer Protocol - T1437
  Archive Collected Data - T1560
  Archive Collected Data - T1532
  Archive Via Utility - T1560.001
  Boot Or Logon Autostart Execution - T1547
  Cloud Services - T1021.007
  Code Signing - T1553.002
  Credentials - T1589.001
  Data From Local System - T1533
  Dll Side-Loading - T1574.002
  Environmental Keying - T1480.001
  Execution Guardrails - T1480
  Execution Guardrails - T1627
  Exfiltration Over Alternative Protocol - T1639
  Exfiltration Over Web Service - T1567
  Exfiltration To Cloud Storage - T1567.002
  Replication Through Removable Media - T1458
  Hijack Execution Flow - T1625
  Hijack Execution Flow - T1574
  Ip Addresses - T1590.005
  System Network Configuration Discovery - T1422
  System Network Connections Discovery - T1421
  Malware - T1587.001
  Malware - T1588.001
  System Information Discovery - T1426
  Phishing - T1660
  Phishing - T1566
  Process Injection - T1631
  Registry Run Keys / Startup Folder - T1547.001
  Scheduled Task - T1053.005
  Scheduled Task/Job - T1603
  Security Software Discovery - T1418.001
  Security Software Discovery - T1518.001
  Server - T1583.004
  Server - T1584.004
  Software - T1592.002
  Software Discovery - T1518
  Spearphishing Attachment - T1566.001
  Spearphishing Attachment - T1598.002
  Subvert Trust Controls - T1632
  Subvert Trust Controls - T1553
  Web Protocols - T1071.001
  Web Protocols - T1437.001
  Tool - T1588.002
  Standard Application Layer Protocol - T1071
  Code Signing - T1116
  Data From Local System - T1005
  Dll Side-Loading - T1073
  Exfiltration Over Alternative Protocol - T1048
  Process Injection - T1055
  Registry Run Keys / Start Folder - T1060
  Replication Through Removable Media - T1091
  Scheduled Task - T1053
  Security Software Discovery - T1063
  Spearphishing Attachment - T1193
  System Information Discovery - T1082
  System Network Configuration Discovery - T1016
  System Network Connections Discovery - T1049
  Replication Through Removable Media
  Spearphishing Attachment
Common Information
Type Value
UUID 3a3d2fac-5e11-49fd-914f-5f76946ae1c7
Fingerprint f504ad19b2bfacc9
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 9, 2024, midnight
Added to db Oct. 15, 2024, 7:59 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Earth Preta Evolves its Attacks with New Malware and Strategies
Title Earth Preta Evolves its Attacks with New Malware and Strategies
Detected Hints/Tags/Attributes 134/4/41
Attributes
Type | #Events | Value
Domain | 2 | cocbox.zip
Domain | 7 | myip.ipip.net
Domain | 707 | google.com
File | 7 | usbconfig.exe
File | 8 | u2ec.dll
File | 2 | wcbrowserwatcher.exe
File | 2 | coccocpdate.dll
File | 2 | cocbox.zip
File | 2 | c:\programdata\intel\_\usbconfig.exe
File | 3 | coccocupdate.exe
File | 96 | rar.exe
File | 2 | -n.xls
File | 2 | kmrefresh.exe
File | 2 | coreglobconfig.dll
File | 2 | glob.dat
File | 2 | canonlog.exe
File | 2 | ceiinfolog.dll
File | 2 | cannon.dat
IPv4 | 4 | 16.162.188.93
MITRE ATT&CK Techniques | 55 | T1091
MITRE ATT&CK Techniques | 310 | T1566.001
MITRE ATT&CK Techniques | 207 | T1547
MITRE ATT&CK Techniques | 275 | T1053.005
MITRE ATT&CK Techniques | 227 | T1574.002
MITRE ATT&CK Techniques | 18 | T1480.001
MITRE ATT&CK Techniques | 55 | T1553.002
MITRE ATT&CK Techniques | 440 | T1055
MITRE ATT&CK Techniques | 1006 | T1082
MITRE ATT&CK Techniques | 141 | T1518.001
MITRE ATT&CK Techniques | 119 | T1049
MITRE ATT&CK Techniques | 245 | T1016
MITRE ATT&CK Techniques | 534 | T1005
MITRE ATT&CK Techniques | 116 | T1560.001
MITRE ATT&CK Techniques | 100 | T1567.002
MITRE ATT&CK Techniques | 92 | T1048
MITRE ATT&CK Techniques | 442 | T1071.001
Url | 7 | http://myip.ipip.net
Windows Registry Key | 112 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Registry Key | 3 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Windows Registry Key | 48 | HKLM\Software\Microsoft\Windows\CurrentVersion\Run