ETDA (Electronic Transactions Development Agency)

Threat Group Cards: A Threat Actor Encyclopedia

APT group: Subgroup: Earth Freybug

Names: Earth Freybug (Trend Micro)
Country: China
Motivation: Information theft and espionage
First seen: 2012
Description: A subgroup of APT 41.

(Trend Micro) Earth Freybug is a cyberthreat group that has been active since at least 2012 that focuses on espionage and financially motivated activities. It has been observed to target organizations from various sectors across different countries. Earth Freybug actors use a diverse range of tools and techniques, including LOLBins and custom malware. This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we’ve discovered and dubbed UNAPIMON.
Observed:
Tools used: UNAPIMON, Living off the Land.
Information: <https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html>

Last change to this card: 22 April 2024

Digital Service Security Center