Tag: demodex

2 Attack Reports | 0 Vulnerabilities

Attack reports

Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions

Earth Estries, a Chinese APT group, has been aggressively targeting critical sectors globally since 2023. The group employs advanced techniques and multiple backdoors, including GHOSTSPIDER, SNAPPYBEE, and MASOL RAT, to compromise organizations in telecommunications, government, and other industrie…
government
telecommunications
demodex
crowdoor
2024-12-03
chinese apt
masol rat
sparrowdoor
snappybee
Published: December 3, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-26855, CVE-2023-48788, CVE-2022-3236, CVE-2021-26858, CVE-2021-26857, CVE-2021-27065
Downloadable IOCs: 57

The Return of Ghost Emperor’s Demodex

This document examines a recent infection chain utilized by the sophisticated China-nexus threat group GhostEmperor. It delves into the multi-stage loading process of the Demodex rootkit, which incorporates several obfuscation techniques and loading schemes. The analysis covers various components, …
rootkit
2024-08-08
demodex
ghost emperor
Published: August 8, 2024
Linked vulnerabilities : CVE-2024-20399
Downloadable IOCs: 3
Click here to see more Attack Reports