Earth Baku Returns: Uncovering the Upgraded Toolset Behind the APT Group’s New Cyberespionage Campaign - Security News
Tags
country: Malaysia India Indonesia Philippines Vietnam Taiwan
attack-pattern: Hardware - T1592.001 Installutil - T1218.004 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Process Hollowing - T1055.012 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Software - T1592.002 Web Shell - T1505.003 Installutil - T1118 Process Hollowing - T1093 Scheduled Task - T1053 Web Shell - T1100
Show in Graph
Common Information
Type Value
UUID 9eb2aff3-c494-413b-9dd2-e86e3ed07901
Fingerprint b5500813b5ed8f8b
Analysis status DONE
Considered CTI value 1
Text language
Published Aug. 24, 2021, midnight
Added to db April 15, 2023, 12:56 p.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline Earth Baku Returns: Uncovering the Upgraded Toolset Behind the APT Group’s New Cyberespionage Campaign
Title Earth Baku Returns: Uncovering the Upgraded Toolset Behind the APT Group’s New Cyberespionage Campaign - Security News
Detected Hints/Tags/Attributes 44/2/5
Source URLs
Redirection Url
Details Source https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/earth-baku-returns
URL Provider
Details Provider Source level domain
Details trendmicro.com www.trendmicro.com
Attributes
Details Type #Events CTI Value
Details CVE 184 
cve-2021-26855
Details File 83 
installutil.exe
Details File 51 
install.bat
Details File 7 
storesyncsvc.dll
Details Threat Actor Identifier - APT 522 
APT41