Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear

May 21, 2024, 11:37 a.m.

Tags
malware
evasion
anti-analysis
encryption
2024-05-21
cyberespionage
deuterbear
waterbear
External References
Description

This comprehensive analysis delves into the continuous evolution and refinement of sophisticated malware entities employed by a persistent cyberespionage group targeting organizations in the Asia-Pacific region. The malware, known as Waterbear and its latest iteration, Deuterbear, have undergone significant enhancements, incorporating anti-analysis mechanisms, complex encryption routines, and evasion techniques. The report provides an in-depth examination of the malware's attack chains, tactics, techniques, and procedures, shedding light on the group's advanced capabilities and relentless efforts to maintain a stealthy presence within compromised environments.

Date

Published: May 21, 2024, 11:24 a.m.

Created: May 21, 2024, 11:24 a.m.

Modified: May 21, 2024, 11:37 a.m.

Indicators

e669aaf63552430c6b7c6bd158bcd1e7a11091c164eb034319e1188d43b5490c

e483cae34eb1e246c3dd4552b2e71614d4df53dc0bac06076442ffc7ac2e06b2

dc60d8b1eff66bfb91573c8f825695e27b0813a9891bd0541d9ff6a3ae7e8cf2

d6ac4f364b25365eb4a5636beffc836243743ecf7ef4ec391252119aed924cab

d665aea7899ad317baf1b6e662f40a10d42045865f9eea1ab18993b50dd8942d

ca0423851ee2aa3013fe74666a965c2312e42d040dbfff86595eb530be3e963f

c97e8075466cf91623b1caa1747a6c5ee38c2d0341e0a3a2fa8fcf5a2e6ad3a6

ab8d60e121d6f121c250208987beb6b53d4000bc861e60b093cf5c389e8e7162

a569df3c46f3816d006a40046dae0eb1bc3f9f1d4d3799703070390e195f6dd4

8f26069b6b49391f245b8551aa42ca4814c52e7f52d0343916f5262557bf5c52

74efa0ce94f4285404108d3d19bf2ff64c7c3a1c85e9b59cf511b56f9d71dc05

6dcc3af7c67403eaae3d5af2f057f0bb553d56ec746ff4cb7c03311e34343ebd

4540132def6dfa6d181cabf1e1689bede5ecfef6450b033fecb0aeb1fe1b3fe9

0da9661ed1e73a58bd1005187ad9251bcdea317ca59565753d86ccf1e56927b8

6b9a14d4d9230e038ffd9e1f5fd0d3065ff0a78b52ab338644462864740c2241

http://suitsvm003.rchitecture.org:443

http://smartclouds.gelatosg.com:443

http://showgyella.quadrantbd.com:443

http://rscvmogt.taishanlaw.com:443

http://freeprous.bakhell.com:443

http://cloudsrm.gelatosg.com:443

http://cloudflaread.quadrantbd.com:443

Download all indicators here!

Attack Patterns

Deuterbear

Waterbear - S0579

Earth Hundun

Additional Informations

Technology

Government