Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear

May 21, 2024, 11:37 a.m.

Description

This analysis examines the continuous evolution and refinement of the malware families used by a persistent cyberespionage group targeting organizations in the Asia-Pacific region. Waterbear and its latest iteration, Deuterbear, have undergone significant enhancements, including anti-analysis mechanisms, complex encryption routines, and evasion techniques. The report provides an in-depth examination of the malware's attack chains and the group's tactics, techniques, and procedures, highlighting its advanced capabilities and sustained efforts to maintain a stealthy presence within compromised environments.

Date

  • Created: May 21, 2024, 11:24 a.m.
  • Published: May 21, 2024, 11:24 a.m.
  • Modified: May 21, 2024, 11:37 a.m.

Indicators

Attack Patterns

  • Deuterbear
  • Waterbear - S0579
  • Earth Hundun

Additional Information

  • Technology
  • Government