ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool Farseer

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: Farseer

NamesFarseer
CategoryMalware
TypeBackdoor
Description(Palo Alto) The threat actors behind Farseer, and related malware including HenBox, continue to grow their armoury with the addition of this previously-unknown malware family. The overlapping infrastructure, shared TTPs and similarities in malicious code and configurations highlights the web of threats used to target victims in and around the South East Asia region and perhaps beyond.

Farseer payloads are backdoors that beacon to pre-configured C2 servers for instructions. The malware uses various techniques to evade detection and inhibit analysis. For example, DLL sideloading using trusted, signed executables allows the malware to execute rather seamlessly; some payloads are encrypted on disk preventing analysis, especially as decompression and decryption occurs at runtime, in-memory, where code is further altered to thwart forensic analysis.

Whereas HenBox posed a threat for devices running Android, Farseer is built to target Windows, which appears to be more typical given previous threats seen from the group or groups behind this, and related malware.
Information<https://unit42.paloaltonetworks.com/farseer-previously-unknown-malware-family-bolsters-the-chinese-armoury/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.farseer>
AlienVault OTX<https://otx.alienvault.com/browse/pulses?q=tag:Farseer>

Last change to this tool card: 23 April 2020

Download this tool card in JSON format

All groups using tool Farseer

ChangedNameCountryObserved

APT groups

XMustang Panda, Bronze PresidentChina2012-Nov 2023 

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]