 |
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
|
สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์ Electronic Transactions Development Agency |
Tool: HemiGate| Names | HemiGate | |
| Category | Malware | |
| Type | Backdoor | |
| Description | (Trend Micro) HemiGate is a backdoor used by Earth Estries. Like most of the tools used by this threat actor, this backdoor is also executed via DLL sideloading using one of the loaders that support interchangeable payloads. K7AVMScn.exe from K7 Computing is the sideloading host utilized by this backdoor, while the loader poses as K7AVWScn.dll. The main backdoor is an encrypted file named taskhask.doc, and another encrypted file named taskhask.dat serves as the configuration file. | |
| Information | <https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html> <https://www.trendmicro.com/en_us/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.hemigate> | |
Last change to this tool card: 27 December 2024
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | Salt Typhoon, GhostEmperor |  | 2020-Dec 2024  | ||
1 group listed (1 APT, 0 other, 0 unknown)
|
Digital Service Security Center Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1227 | |
 |
[email protected] | |