Earth Estries Targets Government, Tech for Cyberespionage
Common Information
Type Value
UUID 3b6cb5e9-7b15-4eb4-b5f8-c570b20afa7e
Fingerprint b50091d9c5b78501
Analysis status DONE
Considered CTI value 1
Text language
Published Aug. 30, 2023, midnight
Added to db Oct. 15, 2024, 10:01 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Earth Estries Targets Government, Tech for Cyberespionage
Title Earth Estries Targets Government, Tech for Cyberespionage
Detected Hints/Tags/Attributes 95/2/74
Attributes
Details Type #Events CTI Value
Details Email 2
trillgamby@gmail.com
Details Email 2
3280132818@qq.com
Details Email 2
3087384364@qq.com
Details sha1 2
7c809b4866086ef7fb1ab722f94df5af493b80db
Details IPv4 2
103.133.137.157
Details Threat Actor Identifier - APT 522
APT41
Details Url 2
https://raw.githubusercontent.com/trillgb/codebox/main/config.json