{ "name": "Earth Preta Evolves its Attacks with New Malware and Strategies", "slug": "earth-preta-evolves-its-attacks-with-new-malware-and-strategies", "description": "Trend Micros discusses analysis of Earth Preta\u2019s enhancements in their attacks by introducing new tools, malware variants and strategies to their worm-based attacks and their time-sensitive spear-phishing campaign.", "published": "2024-09-10T18:58:01+00:00", "created_at": "2024-09-10T18:58:01+00:00", "modified_at": "2024-09-10T19:40:24+00:00", "created_at_opencti": "2024-09-10T18:58:01+00:00", "author": "", "confidence": null, "report_types": [], "labels": [], "tags": [ "2024-09-10", "earth preta", "execution", "fdmtp", "fdmtp c", "find", "hiupan", "indonesia", "malware", "persistence", "plugx", "plugx c", "preta", "pubload", "pubload c", "pullbait", "trojanspy", "winrar" ], "related_entities": { "observables": [ { "id": "", "name": "47.253.106.177" }, { "id": "", "name": "103.15.29.17" }, { "id": "", "name": "47.76.87.55" }, { "id": "", "name": "154.90.32.88" }, { "id": "", "name": "www.ynsins.com" }, { "id": "", "name": "www.bcller.com" }, { "id": "", "name": "www.aihkstore.com" }, { "id": "", "name": "fd68b49acf9234a8592497ef1d675acd57c6a67c6975313772d12c837f3264d1" }, { "id": "", "name": "f67ce881d31e7475d3bd70cad8bdc8fe0e8fd5f66b87ede0e49109395f7033aa" }, { "id": "", "name": "f452b787e47493e89078e884bf92c61626e6ff4b9bc8eee8ae3728ddc65b7e46" }, { "id": "", "name": "ee986beeb058ec27d0dad9a0a671bbabaa56057102faf30f63397bdbe7fca81f" }, { "id": "", "name": "ea18df47214ac1f96a75b1dffbe510b2855197490bc65f47886b25fc7e8aca15" }, { "id": "", "name": "e2f4b2d71e02b49a2721a88eea7bf7308143ee55d7d8119e5e291eafd4859af5" }, { "id": "", "name": "de08f83a5d2421c86573dfb968293c776a830d900af2bc735d2ecd7e77961aaf" }, { "id": "", "name": "d8747574251c8b4ab8da4050ba9e1f6e8dbbaa38f496317b23da366e25d3028a" }, { "id": "", "name": "df0e16a29c9dffe2ff7b3d4c957af7459fd7e6fa8026d067202912b997773749" }, { "id": "", "name": "d69a4a7aa3144ee7ec35e7c3a3a4220f5a43bc29cc4cfa0f27fef60b4d93de8d" }, { "id": "", "name": "d32d7e86ed97509289fff89a78895904cf07a82824c053bfaf1bc5de3f3ba791" }, { "id": "", "name": "c662f5c851314d952cf3594232a7db5b96cb528716cd71bf38393b647cfd4c82" }, { "id": "", "name": "b37b244595cac817a8f8dba24fbea208205e1d1321651237fe24fdcfac4f8ffc" }, { "id": "", "name": "b63bc07202491a4dcd34cc419351edb2f2c395b2671d7acf7bfc88abada344ec" }, { "id": "", "name": "afed5635fa6d63b158fc408d5048bf2dafd6da210a98f308c02c94514ae28fc8" }, { "id": "", "name": "a062fafaff556b17a5ccb035c8c7b9d2015722d86a186b6b186a9c63eeb4308a" }, { "id": "", "name": "9dd62afdb4938962af9ff1623a0aa5aaa9239bcb1c7d6216f5363d14410a3369" }, { "id": "", "name": "99071b9df19024480e1b6d7049e6713486418759b7f0191643776bd0ac08172b" }, { "id": "", "name": "8ebb12d253a4b4c28435b25478abb590e94bdb55b83c55cda6d44c58a03bf9be" }, { "id": "", "name": "959fd255338558d02c567680625d88f5c48e43827bbb1c408f2d43b01807809a" }, { "id": "", "name": "7c520353045a15571061c3f6ae334e5f854d441bab417ebf497f21f5a8bc6925" }, { "id": "", "name": "756b9d6f50bd56adca1fa3d48ff07edf8ee3cc568fb32cbdd892403670343b43" }, { "id": "", "name": "71f114842c30e94c95e57ad394969d5766ca28d056dc724c9820717cf03eb0fe" }, { "id": "", "name": "586632c8bb5890c760efc21662105e649177deaf2b2c2eef3ede1da088f23a6c" }, { "id": "", "name": "565fa2992212c89bdec334c0fd318b3fd2c91707431fd8186016f11645925892" }, { "id": "", "name": "56cb16589ab852de4900496ef74212c17902867e90253b4d9d7f335ef7d45a7b" }, { "id": "", "name": "533f47bc4997eed0491f58f24d45c7850cb460da252de90635938e095b5fc213" }, { "id": "", "name": "466684ad5755c9ee6080ff2a01646824c63a90d3e5be923581b89c707267e79f" }, { "id": "", "name": "44d2d35ca87bf4292e4586bd08f3fe51d3fff693fed2f9795ff49733338ae8a7" }, { "id": "", "name": "3b9ef9701ea2b2c1a89489ed0ed43ffabec9e22b587470899c0d5aca1a1e4302" }, { "id": "", "name": "3514d2e74b476e1569bbf3311934809c6f8e97df5c9669a5fe475e508886df9f" }, { "id": "", "name": "3278c06b5510edabb3318aa1892eb7e426e97946b86eea925965a46ba1725ebd" }, { "id": "", "name": "2e44ebe8d864ae19446d0853c51e471489c0893fc5ae2e042c01c7f232d2a2c2" }, { "id": "", "name": "14a9a74298408c65cb387574ffa8827abd257aa2b76f87efbaa1ee46e8763c57" } ], "malware": [ { "id": "legacy:malware:5af137d9298e4179", "name": "FDMTP", "slug": "fdmtp" }, { "id": "legacy:malware:c38cb9b54a3ef5fa", "name": "HIUPAN", "slug": "hiupan" }, { "id": "legacy:malware:6dfc6d05e4217f2b", "name": "DOWNBAIT", "slug": "downbait" }, { "id": "legacy:malware:671205e14167510d", "name": "PULLBAIT", "slug": "pullbait" }, { "id": "legacy:malware:50f27926232c4ac4", "name": "CBROVER", "slug": "cbrover" }, { "id": "legacy:malware:4304bec834209930", "name": "TrojanSpy", "slug": "trojanspy" }, { "id": "legacy:malware:3460f9c45de58af2", "name": "PlugX", "slug": "plugx" } ], "attack_patterns": [ { "id": "0ca071fb-4f52-4672-b64a-75deff57d874", "name": "T1048" }, { "id": "99a1fb98-1a01-485b-b90a-a9f362f41a84", "name": "T1091" }, { "id": "3bcbd7d0-6c9a-4d9b-8c71-ae338737bea1", "name": "T1480" }, { "id": "232fbdfa-94c6-443d-b575-373e75b4f4c2", "name": "T1567" }, { "id": "97d377d8-89c7-48f8-a79f-0f48bd60df74", "name": "T1005" }, { "id": "dc17cbbd-40d8-43cf-b3cf-50d1276db2c7", "name": "T1016" }, { "id": "53b3b18c-d0d0-4bf6-bc6b-2c0ab9180deb", "name": "T1070" }, { "id": "6e4e21cc-92cf-4564-920e-d509bd22fd40", "name": "T1574" }, { "id": "926a888c-190c-4efb-ab6b-f9d7e6a0fc54", "name": "T1547" }, { "id": "29398669-98ed-4766-9dac-f9632f7175ff", "name": "T1518" }, { "id": "70616b2f-4019-4963-b758-5d9f6f20e201", "name": "T1082" }, { "id": "cbd87c8c-3bed-461a-acef-56ffc8b87571", "name": "T1105" }, { "id": "dc342445-1b78-48b4-aa06-89ed2ad7c28e", "name": "T1071" }, { "id": "c3af9fd7-d307-4df4-9220-cc627938fb85", "name": "T1055" }, { "id": "ccb28547-a340-4193-a5d9-69222f3d5051", "name": "T1049" }, { "id": "6aa7866f-9c1f-4159-938a-10a6adf41646", "name": "T1553" }, { "id": "31d29704-da1c-47ea-b93f-76d368813bdf", "name": "T1560" }, { "id": "bb20a9e1-f4f6-459d-94f4-470c6867dc2d", "name": "T1053" }, { "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d", "name": "T1566" }, { "id": "9b6064e6-a05b-4e95-baf5-34d180bc9221", "name": "T1059" } ], "others": [ { "id": "", "name": "Myanmar" }, { "id": "", "name": "Singapore" }, { "id": "", "name": "Taiwan" }, { "id": "", "name": "Viet Nam" }, { "id": "", "name": "Cambodia" }, { "id": "", "name": "Philippines" }, { "id": "", "name": "Foreign Affairs" }, { "id": "", "name": "Government" } ] }, "external_refs": [ "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/i/earth-preta-evolves-its-attacks-with-new-malware-and-strategies/IOC%20List%20-%20Earth%20Preta%20Evolves%20its%20Attacks%20with%20New%20Malware%20and%20Strategies.txt", "https://www.trendmicro.com/en_us/research/24/i/earth-preta-new-malware-and-strategies.html", "https://otx.alienvault.com/pulse/66e0b2d9658625d27ce577e2" ] }