Earth Freybug

Threat Actor updated 4 months ago (2024-05-05T10:17:37.367Z)

Download STIX

Preview STIX

Earth Freybug is a threat actor that has been active since at least 2012, engaging in cyber espionage and financially motivated activities. It's considered a subset of APT41, a collective of Chinese threat groups known by various names such as Winnti, Wicked Panda, Barium, and Suckfly. Earth Freybug has been evolving its methods over time, demonstrating the use of diverse tools and techniques, including Living off the Land Binaries (LOLBins) and custom malware. In a recent incident investigated by Trend Micro, Earth Freybug was found to be employing dynamic-link library (DLL) hijacking and application programming interface (API) unhooking techniques. These methods were used to prevent child processes from being monitored, effectively bypassing security measures organizations might have put in place to track Windows APIs for malicious activity. The group used a multistaged approach to deliver a newly discovered malware, dubbed UNAPIMON, on target systems. The continued evolution and sophistication of Earth Freybug's tactics pose a significant cybersecurity threat. Their ability to adapt and develop new tools, such as the UNAPIMON malware, highlights the need for ongoing vigilance and advanced threat detection and response capabilities. As Earth Freybug is linked to China and has been identified as part of the larger APT41 group, understanding their operations can provide crucial insights into broader state-sponsored cyber-espionage activities.

Description last updated: 2024-05-05T09:58:08.527Z

What's your take? (Question 1 of 1)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

ID	Type	Votes	Profile Description
APT41	is related to	2	APT41, a threat actor attributed to China, has been actively targeting organizations in at least 14 countries since 2012. The group is known for its use of an extensive range of malware, with at least 46 different code families and tools observed in their operations. They are associated with various

Source Document References

Information about the Earth Freybug Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Preview	Source Link	CreatedAt	Title
	Trend Micro	5 months ago	Earth Freybug Uses UNAPIMON for Unhooking Critical APIs
	DARKReading	5 months ago	China-Linked Threat Actor Hides Via 'Peculiar' Malware