Pulse Detail — Threat Intelligence

PULSE NAME

Earth Baku: An APT Group Targeting Indo-Pacific Countries With New Stealth Loaders and Backdoor

WHITE APT41 AlienVault 2021-09-10 Modified: 2024-08-16

IOCs

HIGH VOLUME

An APT group known as Earth Baku has updated its arsenal of malware tools to target companies in the Indo-Pacific region. Earth Baku, a cyberespionage and cybercriminal group, was charged by the US Department of Justice in August 2020 with computer intrusion offenses related to data theft, ransomware, and cryptocurrency mining attacks.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1190 T1566.001 T1059.003 T1059.005 T1569.002 T1053.005 T1574.002 T1055.012 T1562.006 T1027 T1218.004 T1036.003 T1027.002 T1573.001 T1071.001 T1071.004 T1090.004 T1105

MALWARE FAMILIES

StealthMutant ScrambleCross StealthVector Cobalt Strike - S0154

Indicators of Compromise (4 / 76 total)

All CVE FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	http://45.138.157.78:80	—	2021-09-10
URL	http://ns1.extrsports.ru:443	—	2021-09-10
URL	http://www.microsofthelp.dns1.us:443	—	2021-09-10
URL	http://www.twitterproxy.com:443	—	2021-09-10

References (1)

↗ https://documents.trendmicro.com/assets/white_papers/wp-earth-baku-an-apt-group-targeting-indo-pacific-countries.pdf