TTPwire Vol. 1 · MITRE ATT&CK · Tagged


Trend Micro Research

The Rise of Collaborative Tactics Among China-aligned Cyber Espionage Campaigns

Leon M Chang · 2025-10-22

ATT&CK techniques detected

7 predictions
T1190 Exploit Public-Facing Application (97%)
"…in the following section. Earth Estries and Earth Naga's joint operation: Figure 1 illustrates the attack infection chain we have constructed based on incidents observed within a Southeast Asian government entity earlier this year. These events, which bear strong ties to the activit…"

T1003.001 LSASS Memory (93%)
"…with different DLL filenames being side-loaded: bdreinit.exe - legitimate executable signed by Bitdefender, vulnerable to DLL side-loading; wer.dll - malicious DLL loading the encrypted ShadowPad payload; 36eb6076.tmp or a30429d0.tmp - encrypted ShadowPad payload, enc…"

T1055.001 Dynamic-link Library Injection (87%)
"…ShadowPad, a malware family used by multiple advanced China-aligned threat actors. The CROWDOOR infection flow is as follows: logserver.exe -> version.dll -> logserver (payload). logserver.exe - legitimate Microsoft launcher vulnerable to DLL side-loading; version.dll …"

T1071.001 Web Protocols (82%)
"…185df7e4[.]ap-southeast-mnl[.]timcorpnet[.]com - resolved C&C IP address: 103[.]175[.]16[.]77. This activity suggests a possible linkage or operational overlap between the CROWDOOR and ShadowPad toolsets, potentially indicating shared infrastructure or a coo…"

T1190 Exploit Public-Facing Application (70%)
"…and late July of this year, we detected attempts by Earth Estries and Earth Naga to gain access to at least two top telecommunications providers located in the APAC region and NATO member countries. Both Earth Estries and Earth Naga have demonstrated distinct, long-term targeti…"

T1071 Application Layer Protocol (42%)
"…185df7e4[.]ap-southeast-mnl[.]timcorpnet[.]com - resolved C&C IP address: 103[.]175[.]16[.]77. This activity suggests a possible linkage or operational overlap between the CROWDOOR and ShadowPad toolsets, potentially indicating shared infrastructure or a coo…"

T1021.002 SMB/Windows Admin Shares (39%)
"…2025, multiple Earth Estries-related toolsets were discovered on several internal machines. Due to space limitations, we highlight the four most significant infected hosts: in Figure 1, these are labelled as Infected Machine A, B, C, and D. 3. Deployment of ShadowPad via multi…"

Summary

Trend™ Research examines the complex collaborative relationship between China-aligned APT groups via the new “Premier Pass-as-a-Service” model, exemplified by the recent activities of Earth Estries and Earth Naga.