Earth Freybug

Description

A subgroup of APT 41.

(Trend Micro) Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities. It has been observed to target organizations from various sectors across different countries. Earth Freybug actors use a diverse range of tools and techniques, including LOLBins and custom malware. This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.

Names

Name            Name-Giver
Earth Freybug   Trend Micro

Country

Motivation

  • Information theft and espionage

First Seen

2012

Tools

Information

Other Information

Uuid

90c27362-1672-454d-aaba-afd974e76edc

Last Card Change

2024-04-22