
Hack the Real Box: APT41’s New Subgroup Earth Longzhi

In this entry, we reveal two campaigns by Earth Longzhi from 2020 to 2022 and introduce some of the group’s arsenal in these campaigns.




ADVERSARY: Earth Longzhi



TARGETED COUNTRIES: China, Taiwan


MALWARE FAMILIES: Cobalt Strike, procburner, avburner


ATT&CK IDS: T1056 - Input Capture, T1562 - Impair Defenses, T1546 - Event Triggered Execution, T1566 - Phishing, T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1193 - Spearphishing Attachment, T1190 - Exploit Public-Facing Application, T1211 - Exploitation for Defense Evasion, T1547 - Boot or Logon Autostart Execution, T1068 - Exploitation for Privilege Escalation, T1003.001 - LSASS Memory, T1503 - Credentials from Web Browsers

