Earth Baxia Attack Detection: China-Backed Hackers Use Spear-Phishing, Exploit the GeoServer Vulnerability (CVE-2024-36401), and Apply a New EAGLEDOOR Malware to Target APAC - SOC Prime
Common Information
Type Value
UUID 6cf25a67-9de9-46bf-a85c-bacbe988db64
Fingerprint b4c98d8102d78f29
Analysis status DONE
Considered CTI value 2
Text language
Published Sept. 23, 2024, 12:50 p.m.
Added to db Sept. 23, 2024, 3:33 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Earth Baxia Attack Detection: China-Backed Hackers Use Spear-Phishing, Exploit the GeoServer Vulnerability (CVE-2024-36401), and Apply a New EAGLEDOOR Malware to Target APAC
Title Earth Baxia Attack Detection: China-Backed Hackers Use Spear-Phishing, Exploit the GeoServer Vulnerability (CVE-2024-36401), and Apply a New EAGLEDOOR Malware to Target APAC - SOC Prime
Detected Hints/Tags/Attributes 63/3/5
RSS Feed
Id | Enabled | Feed title | Url | Added to db
237 | | SOC Prime | https://socprime.com/feed/ | 2024-08-30 22:08
Attributes
Type | #Events | CTI Value | Attribute
CVE | 56 | | cve-2024-36401
CVE | 1 | | cve-2024-306401
Mandiant Uncategorized Groups | 52 | | UNC3886
Threat Actor Identifier - APT | 143 | | APT40
Threat Actor Identifier - APT | 522 | | APT41