A Dive into Earth Baku’s Latest Campaign

    Date: 08/12/2024

    Severity: Medium

    Summary

    This advisory summarizes the Earth Baku campaign analyzed in the referenced Trend Micro report, "A Dive into Earth Baku's Latest Campaign". Earth Baku is a China-nexus cyber espionage group tracked as a subgroup of APT41. Per that report, the group gained initial access through public-facing applications, dropped the Godzilla web shell, and followed up with its StealthVector and StealthReaper loaders and the SneakCross backdoor, extending its operations beyond Asia into Europe, the Middle East, and Africa. The indicators and queries below are drawn from the report for retrospective hunting and ongoing detection; note that www.mircoupdate.https443.net appears to be a look-alike of a Microsoft update hostname and is unlikely to be contacted legitimately.

    Indicators of Compromise (IOC) List

    URL/Domain

    www.sitennews.com

    www.mircoupdate.https443.net

    IP Address

    78.108.216.20

    5.182.207.28

    Hash

    e4360c0aa995e6e896b22bb7725a6c9b189be8606e7cbbc8b6e80c606358649d
    
    7e63c6b9ab3b32beffbc1eb23d6ca7cc59616b0722f0dd4f0d893c0a1724f5d7
    
    ab56501167fe689fe55f6e6ddc3bb91952299bd5c3ef004b02bf1c3b4061c7cf
    
    0faddbe1713455e3fc9777ec45adf07b28e24f4c3ddca37586c2aa6b539898c0
    
    7463700ec5768d4af6549028465f978059611555aa8e22e2b7c664b1cdbfa9ae
    
    7f24bc080281d250ec88493e5803e488721a17c9382cd54ba8dfbcb785f23a88
    
    07aa971f0791b06dd442d4c7a49c1d3d27a1cbb16602f731e870b5ef50edf69e
    
    cdcbd9c25e06ac6da5497fa19459d0007449ec1a3e6bc591334db6fb3598aecb
    
    83de8917bf0ac1d670acf27431015215db872b7291979312dd65e30d99806abb
    
    ec10a9396dca694fe64366e0dab82d046cf92457f97efd50a68ceb85adef6b74
    
    22a50cea6ad67a7e8582d2cd4cdc3eaaf57c0fbe8cd062a9b15710166e255a86
    
    1c88150ec85a07c3db5f18c5eedcb0b653467b897af01d690ed996e5e07ba8e3
    
    c6a3a1ea84251aed908702a1f2a565496d583239c5f467f5dcd0cfc5bfb1a6db
    
    a50f85c71b69563ba42bf04c937e1063244ca4957231d3adac76f1c96ab42d3c
    
    ec5a96f42aeccdf9a3ae4c3650689606c8539fd65c0b47f30887afecb901be43
    
    73eaba82ef1c502448e533007e92b1afa879b09f85f28b71648668ea62839ff5
    
    7586e58a569c2a07d0b3a710616f48833a040bf3fc57628bbdec7fcb462d565a
    
    166b6dcdac31f4bf51e4b20a7c3f7d4f7017ca0c30fa123d5591e25c3fa66107
    
    e5f1360d4c299bb32e33e081115f2b520251a983af2ebc649b4b9b70308246fe
    
    c02accc26a389397fb172f83258baa8a974986ffd706ba708a3b0a679f61be56
    
    21fc0f50d545c0a373380934dc61c423c8a31d8c3e6eae4f8a35149ad9962d88
    
    073b35ecbd1833575fbfb1307654fc532fd938482e09426cfb0541ad87a04f75
    
    3e52c310c6556367ff9e18448bc41719e603d1cbbdafdcba736c6565529617b6
    
    8405d742405d3a6d3bda6bc49630dd5f3604a3d6ae27cbd533e425f8abbaafdc

    Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection

    URL/Domain

    userdomainname like "www.sitennews.com" or url like "www.sitennews.com" or userdomainname like "www.mircoupdate.https443.net" or url like "www.mircoupdate.https443.net"

    IP Address

    dstipaddress IN ("78.108.216.20","5.182.207.28") or ipaddress IN ("78.108.216.20","5.182.207.28") or publicipaddress IN ("78.108.216.20","5.182.207.28") or srcipaddress IN ("78.108.216.20","5.182.207.28")

    Hash

    sha256hash IN ("e4360c0aa995e6e896b22bb7725a6c9b189be8606e7cbbc8b6e80c606358649d","7e63c6b9ab3b32beffbc1eb23d6ca7cc59616b0722f0dd4f0d893c0a1724f5d7","ab56501167fe689fe55f6e6ddc3bb91952299bd5c3ef004b02bf1c3b4061c7cf","0faddbe1713455e3fc9777ec45adf07b28e24f4c3ddca37586c2aa6b539898c0","7463700ec5768d4af6549028465f978059611555aa8e22e2b7c664b1cdbfa9ae","7f24bc080281d250ec88493e5803e488721a17c9382cd54ba8dfbcb785f23a88","07aa971f0791b06dd442d4c7a49c1d3d27a1cbb16602f731e870b5ef50edf69e","cdcbd9c25e06ac6da5497fa19459d0007449ec1a3e6bc591334db6fb3598aecb","83de8917bf0ac1d670acf27431015215db872b7291979312dd65e30d99806abb","ec10a9396dca694fe64366e0dab82d046cf92457f97efd50a68ceb85adef6b74","22a50cea6ad67a7e8582d2cd4cdc3eaaf57c0fbe8cd062a9b15710166e255a86","1c88150ec85a07c3db5f18c5eedcb0b653467b897af01d690ed996e5e07ba8e3","c6a3a1ea84251aed908702a1f2a565496d583239c5f467f5dcd0cfc5bfb1a6db","a50f85c71b69563ba42bf04c937e1063244ca4957231d3adac76f1c96ab42d3c","ec5a96f42aeccdf9a3ae4c3650689606c8539fd65c0b47f30887afecb901be43","73eaba82ef1c502448e533007e92b1afa879b09f85f28b71648668ea62839ff5","7586e58a569c2a07d0b3a710616f48833a040bf3fc57628bbdec7fcb462d565a","166b6dcdac31f4bf51e4b20a7c3f7d4f7017ca0c30fa123d5591e25c3fa66107","e5f1360d4c299bb32e33e081115f2b520251a983af2ebc649b4b9b70308246fe","c02accc26a389397fb172f83258baa8a974986ffd706ba708a3b0a679f61be56","21fc0f50d545c0a373380934dc61c423c8a31d8c3e6eae4f8a35149ad9962d88","073b35ecbd1833575fbfb1307654fc532fd938482e09426cfb0541ad87a04f75","3e52c310c6556367ff9e18448bc41719e603d1cbbdafdcba736c6565529617b6","8405d742405d3a6d3bda6bc49630dd5f3604a3d6ae27cbd533e425f8abbaafdc")
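    The queries above run inside Gurucul TDIR. To sweep the same indicators against exported logs (proxy, DNS, firewall, EDR) offline, the following Python script is an added example, not code from Gurucul or from the Trend Micro report. It normalizes case, trailing dots and analyst defanging (hxxp, [.]) before comparing, treats subdomains of a listed host as hits, and lowercases hashes, since a plain equality or IN comparison misses all of these. The field names (dst_host, query, host, url, src_ip, dst_ip, public_ip, sha256) and the sample log lines are constructed for the demonstration and must be mapped onto your own log schema. The hash list is SHA-256 only, so telemetry that records MD5 or SHA-1 will not match and needs those values looked up separately.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from the IOC list above.
IOC_DOMAINS = {"www.sitennews.com", "www.mircoupdate.https443.net"}
IOC_IPS = {"78.108.216.20", "5.182.207.28"}
IOC_SHA256 = {
    "e4360c0aa995e6e896b22bb7725a6c9b189be8606e7cbbc8b6e80c606358649d",
    "7e63c6b9ab3b32beffbc1eb23d6ca7cc59616b0722f0dd4f0d893c0a1724f5d7",
    "ab56501167fe689fe55f6e6ddc3bb91952299bd5c3ef004b02bf1c3b4061c7cf",
    "0faddbe1713455e3fc9777ec45adf07b28e24f4c3ddca37586c2aa6b539898c0",
    "7463700ec5768d4af6549028465f978059611555aa8e22e2b7c664b1cdbfa9ae",
    "7f24bc080281d250ec88493e5803e488721a17c9382cd54ba8dfbcb785f23a88",
    "07aa971f0791b06dd442d4c7a49c1d3d27a1cbb16602f731e870b5ef50edf69e",
    "cdcbd9c25e06ac6da5497fa19459d0007449ec1a3e6bc591334db6fb3598aecb",
    "83de8917bf0ac1d670acf27431015215db872b7291979312dd65e30d99806abb",
    "ec10a9396dca694fe64366e0dab82d046cf92457f97efd50a68ceb85adef6b74",
    "22a50cea6ad67a7e8582d2cd4cdc3eaaf57c0fbe8cd062a9b15710166e255a86",
    "1c88150ec85a07c3db5f18c5eedcb0b653467b897af01d690ed996e5e07ba8e3",
    "c6a3a1ea84251aed908702a1f2a565496d583239c5f467f5dcd0cfc5bfb1a6db",
    "a50f85c71b69563ba42bf04c937e1063244ca4957231d3adac76f1c96ab42d3c",
    "ec5a96f42aeccdf9a3ae4c3650689606c8539fd65c0b47f30887afecb901be43",
    "73eaba82ef1c502448e533007e92b1afa879b09f85f28b71648668ea62839ff5",
    "7586e58a569c2a07d0b3a710616f48833a040bf3fc57628bbdec7fcb462d565a",
    "166b6dcdac31f4bf51e4b20a7c3f7d4f7017ca0c30fa123d5591e25c3fa66107",
    "e5f1360d4c299bb32e33e081115f2b520251a983af2ebc649b4b9b70308246fe",
    "c02accc26a389397fb172f83258baa8a974986ffd706ba708a3b0a679f61be56",
    "21fc0f50d545c0a373380934dc61c423c8a31d8c3e6eae4f8a35149ad9962d88",
    "073b35ecbd1833575fbfb1307654fc532fd938482e09426cfb0541ad87a04f75",
    "3e52c310c6556367ff9e18448bc41719e603d1cbbdafdcba736c6565529617b6",
    "8405d742405d3a6d3bda6bc49630dd5f3604a3d6ae27cbd533e425f8abbaafdc",
}

# Hypothetical log field names; map these onto the schema of your own sources.
HOST_FIELDS = ("dst_host", "query", "host")
URL_FIELDS = ("url",)
IP_FIELDS = ("src_ip", "dst_ip", "public_ip")
HASH_FIELDS = ("sha256",)

_KV = re.compile(r"(\w+)=(\S+)")  # simple key=value tokenizer for the sample lines


def refang(value):
    """Undo common analyst defanging so pasted IOCs compare equal to raw logs."""
    return (value.replace("[.]", ".")
            .replace("hxxps://", "https://").replace("hxxp://", "http://"))


def host_matches(host):
    """Return the listed indicator if host equals it or is a subdomain of it."""
    h = refang(host).strip().lower().rstrip(".")  # FQDNs may carry a trailing dot
    for d in IOC_DOMAINS:
        if h == d or h.endswith("." + d):
            return d
    return None


def host_from_url(url):
    """Extract the hostname from a (possibly defanged, possibly scheme-less) URL."""
    url = refang(url)
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat the leading token as the netloc
    return urlsplit(url).hostname or ""


def scan_line(line):
    """Return [(field, matched_indicator), ...] for one key=value log line."""
    fields = dict(_KV.findall(line))
    hits = []
    for f in HOST_FIELDS + URL_FIELDS:
        if f in fields:
            value = host_from_url(fields[f]) if f in URL_FIELDS else fields[f]
            d = host_matches(value)
            if d:
                hits.append((f, d))
    for f in IP_FIELDS:
        if fields.get(f) in IOC_IPS:
            hits.append((f, fields[f]))
    for f in HASH_FIELDS:
        if fields.get(f, "").lower() in IOC_SHA256:
            hits.append((f, fields[f].lower()))
    return hits


def sweep(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    return [(n, hits) for n, line in enumerate(lines, 1) if (hits := scan_line(line))]


SAMPLE_LOGS = [  # constructed for this example, not real telemetry
    "proxy src_ip=10.0.0.5 dst_host=WWW.SITENNEWS.COM. url=hxxp://www[.]sitennews[.]com/update.php",
    "proxy src_ip=10.0.0.7 dst_host=cdn.example.com url=https://cdn.example.com/js/app.js",
    "fw src_ip=10.0.0.9 dst_ip=5.182.207.28 dst_port=443 action=allow",
    r"edr host=ws-12 sha256=E4360C0AA995E6E896B22BB7725A6C9B189BE8606E7CBBC8B6E80C606358649D path=C:\Windows\Temp\svc.dll",
    "dns src_ip=10.0.0.3 query=www.mircoupdate.https443.net",
    "dns src_ip=10.0.0.4 query=www.sitennews.com.evil.test",  # different registered domain: no hit
]

if __name__ == "__main__":
    for n, hits in sweep(SAMPLE_LOGS):
        print(f"line {n}: {hits}")
```

    Running the script directly reports lines 1, 3, 4 and 5 of the constructed sample; the benign CDN request and the unrelated evil.test domain that merely embeds the indicator as a prefix produce no hit. Replace SAMPLE_LOGS with a file iterator and adjust the field tuples to match your exported logs.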

    Reference: 

    https://www.trendmicro.com/en_us/research/24/h/earth-baku-latest-campaign.html

    Tags: Malware, APT
