Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
Tags
cmtmf-attack-pattern:
  Application Layer Protocol
  Boot Or Logon Autostart Execution
  Masquerading
  Obfuscated Files Or Information
  System Network Connections Discovery
maec-delivery-vectors: Watering Hole
attack-pattern:
  Data
  Application Layer Protocol - T1437
  Binary Padding - T1027.001
  Boot Or Logon Autostart Execution - T1547
  Data From Local System - T1533
  Debugger Evasion - T1622
  Dll Side-Loading - T1574.002
  Encrypted Channel - T1521
  Encrypted Channel - T1573
  Execution Guardrails - T1480
  Execution Guardrails - T1627
  File And Directory Discovery - T1420
  Hardware - T1592.001
  Hijack Execution Flow - T1625
  Hijack Execution Flow - T1574
  Internet Connection Discovery - T1016.001
  Internet Connection Discovery - T1422.001
  Ip Addresses - T1590.005
  System Network Configuration Discovery - T1422
  System Network Connections Discovery - T1421
  Malware - T1587.001
  Malware - T1588.001
  Masquerading - T1655
  Match Legitimate Name Or Location - T1036.005
  Match Legitimate Name Or Location - T1655.001
  Obfuscated Files Or Information - T1406
  Process Discovery - T1424
  System Information Discovery - T1426
  Native Api - T1575
  Non-Standard Encoding - T1132.002
  Print Processors - T1547.012
  Server - T1583.004
  Server - T1584.004
  Software - T1592.002
  Web Protocols - T1071.001
  Web Protocols - T1437.001
  Virtualization/Sandbox Evasion - T1497
  Time Based Evasion - T1497.003
  Virtualization/Sandbox Evasion - T1633
  Standard Application Layer Protocol - T1071
  Binary Padding - T1009
  Data Encoding - T1132
  Data From Local System - T1005
  Deobfuscate/Decode Files Or Information - T1140
  Dll Side-Loading - T1073
  Execution Through Api - T1106
  Execution Through Module Load - T1129
  Exfiltration Over Command And Control Channel - T1041
  File And Directory Discovery - T1083
  Masquerading - T1036
  Obfuscated Files Or Information - T1027
  Process Discovery - T1057
  Query Registry - T1012
  System Information Discovery - T1082
  System Network Configuration Discovery - T1016
  System Network Connections Discovery - T1049
  Masquerading
Common Information
Type Value
UUID 4e170ba4-cb68-44b9-9f9f-f6baa405daa8
Fingerprint 34b4783bec99a251
Analysis status DONE
Considered CTI value 2
Text language
Published April 11, 2024, midnight
Added to db Oct. 15, 2024, 3:41 p.m.
Last updated Nov. 17, 2024, 6:56 p.m.
Headline Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
Title Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
Detected Hints/Tags/Attributes 121/3/24
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/en_ph/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_hk/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_my/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_ca/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_th/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_sg/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_ie/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_ae/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_be/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_au/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_se/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_nl/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_no/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_id/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_dk/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_nz/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_in/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_gb/research/24/d/earth-hundun-waterbear-deuterbear.html
Details Source https://www.trendmicro.com/en_fi/research/24/d/earth-hundun-waterbear-deuterbear.html
Attributes
Type                     #Events  Value
sha256                   1        6b9a14d4d9230e038ffd9e1f5fd0d3065ff0a78b52ab338644462864740c2241
IPv4                     4        192.168.11.2
MITRE ATT&CK Techniques  120      T1129
MITRE ATT&CK Techniques  239      T1106
MITRE ATT&CK Techniques  227      T1574.002
MITRE ATT&CK Techniques  7        T1547.012
MITRE ATT&CK Techniques  34       T1027.001
MITRE ATT&CK Techniques  183      T1036.005
MITRE ATT&CK Techniques  504      T1140
MITRE ATT&CK Techniques  48       T1480
MITRE ATT&CK Techniques  57       T1497.003
MITRE ATT&CK Techniques  52       T1622
MITRE ATT&CK Techniques  585      T1083
MITRE ATT&CK Techniques  42       T1016.001
MITRE ATT&CK Techniques  119      T1049
MITRE ATT&CK Techniques  433      T1057
MITRE ATT&CK Techniques  1006     T1082
MITRE ATT&CK Techniques  501      T1012
MITRE ATT&CK Techniques  534      T1005
MITRE ATT&CK Techniques  422      T1041
MITRE ATT&CK Techniques  442      T1071.001
MITRE ATT&CK Techniques  163      T1573
MITRE ATT&CK Techniques  40       T1132.002
Windows Registry Key     2        HKCU\Console\Quick\Edit