ioc[.]one - OSINT Cyber Threat Intelligence Database

Earth Zhulong Familiar Patterns Target Southeast Asian Firms

Tags

cmtmf-attack-pattern:	Application Layer Protocol Process Injection
country:	Philippines Vietnam U.S. Virgin Islands
attack-pattern:	Data Application Layer Protocol - T1437 Dll Side-Loading - T1574.002 Domain Or Tenant Policy Modification - T1484 Domain Trust Discovery - T1482 Downgrade Attack - T1562.010 External Proxy - T1090.002 Hijack Execution Flow - T1625 Hijack Execution Flow - T1574 Internal Proxy - T1090.001 Malicious File - T1204.002 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Process Injection - T1631 Python - T1059.006 Rundll32 - T1218.011 Scheduled Task - T1053.005 Server - T1583.004 Server - T1584.004 Timestomp - T1070.006 Web Protocols - T1071.001 Web Protocols - T1437.001 Tool - T1588.002 Account Discovery - T1087 Standard Application Layer Protocol - T1071 Connection Proxy - T1090 Deobfuscate/Decode Files Or Information - T1140 Dll Side-Loading - T1073 Indicator Removal On Host - T1070 Powershell - T1086 Process Injection - T1055 Rundll32 - T1085 Scheduled Task - T1053 Valid Accounts - T1078 Timestomp - T1099 User Execution - T1204 User Execution

Show in Graph

Common Information

Type	Value
UUID	b5206183-82fb-4570-86b4-9fabc9f6e6f0
Fingerprint	b57481eb96bb8752
Analysis status	DONE
Considered CTI value	2
Text language
Published	Feb. 8, 2023, midnight
Added to db	Feb. 17, 2023, 2:52 p.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Earth Zhulong: Familiar Patterns Target Southeast Asian Firms
Title	Earth Zhulong Familiar Patterns Target Southeast Asian Firms
Detected Hints/Tags/Attributes	102/3/21

Source URLs

	Redirection	Url
Details	Source	https://www.trendmicro.com/en_us/research/23/b/earth-zhulong-familiar-patterns-target-southeast-asian-firms.html

URL Provider

Details	Provider	Source level domain
Details	trendmicro.com	www.trendmicro.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	119	✔	Trend Micro Research, News and Perspectives	https://feeds.feedburner.com/TrendMicroSimplySecurity	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	File	1018	rundll32.exe
Details	File	1	co.ps1
Details	File	25	win.exe
Details	File	1	gm.dll
Details	File	1	medil.xml
Details	File	3	gtn.dll
Details	MITRE ATT&CK Techniques	179	T1087
Details	MITRE ATT&CK Techniques	124	T1482
Details	MITRE ATT&CK Techniques	365	T1204.002
Details	MITRE ATT&CK Techniques	227	T1574.002
Details	MITRE ATT&CK Techniques	440	T1055
Details	MITRE ATT&CK Techniques	93	T1070.006
Details	MITRE ATT&CK Techniques	504	T1140
Details	MITRE ATT&CK Techniques	247	T1070
Details	MITRE ATT&CK Techniques	4	T1562.010
Details	MITRE ATT&CK Techniques	275	T1053.005
Details	MITRE ATT&CK Techniques	39	T1484
Details	MITRE ATT&CK Techniques	306	T1078
Details	MITRE ATT&CK Techniques	442	T1071.001
Details	MITRE ATT&CK Techniques	35	T1090.001
Details	MITRE ATT&CK Techniques	36	T1090.002