In this entry, we reveal two campaigns by Earth Longzhi from 2020 to 2022 and introduce some of the group’s arsenal in these campaigns.
TAGS: cobalt strike, apt41, earth longzhi, malware, croxloader, mimikatz, procburner, avburner, printnightmare, printspoofer
ADVERSARY: Earth Longzhi
INDUSTRIES: Healthcare, Aviation, Defense, Banking, Government
MALWARE FAMILIES: Cobalt Strike, procburner, avburner
ATT&CK IDS: T1056 - Input Capture, T1562 - Impair Defenses, T1546 - Event Triggered Execution, T1566 - Phishing, T1027 - Obfuscated Files or Information, T1055 - Process Injection, T1193 - Spearphishing Attachment, T1190 - Exploit Public-Facing Application, T1211 - Exploitation for Defense Evasion, T1547 - Boot or Logon Autostart Execution, T1068 - Exploitation for Privilege Escalation, T1003.001 - LSASS Memory, T1503 - Credentials from Web Browsers