Earth Estries  (Back to overview)

Trend Micro found that Earth Estries relies heavily on DLL sideloading to load various tools within its arsenal. Aside from the backdoors previously mentioned, this intrusion set also utilizes commonly used remote control tools like Cobalt Strike, PlugX, or Meterpreter stagers interchangeably in various attack stages. These tools come as encrypted payloads loaded by custom loader DLLs.

Associated Families

2024-01-25JSAC 2024Hara Hiroaki, Kawakami Ryonosuke, Shota Nakajima
The Secret Life of RATs: connecting the dots by dissecting multiple backdoors
DracuLoader GroundPeony HemiGate PlugX
2023-09-21Sentinel LABSTom Hegel
Cyber Soft Power | China’s Continental Takeover
Earth Estries
2023-08-30Trend MicroGilbert Sison, Hara Hiroaki, Lenart Bermejo, Leon M Chang, Ted Lee
Earth Estries Targets Government, Tech for Cyberespionage
Cobalt Strike HemiGate Earth Estries

Credits: MISP Project