PULSE NAME
Earth Baku Expands Cyber Espionage Operations to Europe and the Middle East
WHITE Earth Baku eric.ford 2024-08-13 Modified: 2024-09-12
75 IOCs (HIGH VOLUME)
Earth Baku, a cyber espionage group associated with the Chinese-linked APT41, has expanded its operations into Europe, the Middle East, and Africa, targeting key sectors with advanced malware. This escalation highlights Earth Baku's global reach and underscores the severe risks that state-sponsored cyber threats pose to industries worldwide, demanding urgent and enhanced cybersecurity measures.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
Godzilla, StealthVector, StealthReacher, SneakCross, Cobalt Strike, iox tool, Rakshasa, Tailscale, MEGAcmd
Indicators of Compromise (75)