Earth Baxia

Also known as: Earth Baxia

Origin
CN
Known aliases
1

Profile

Earth Baxia is a threat actor operating out of China. It targets government organizations in Taiwan and potentially across the APAC region, using spear-phishing emails and exploiting the GeoServer vulnerability CVE-2024-36401 for remote code execution. It deploys customized Cobalt Strike components with altered signatures, leverages GrimResource and AppDomainManager injection techniques to deliver additional payloads, and uses a new backdoor named EAGLEDOOR for multi-protocol communication and payload delivery.

Aliases (1)

Earth Baxia

References

  1. https://www.tgsoft.it/news/news_archivio.asp?id=1568
  2. https://jp.security.ntt/tech_blog/appdomainmanager-injection
  3. https://www.trendmicro.com/en_us/research/24/i/earth-baxia-spear-phishing-and-geoserver-exploit.html
  4. https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/i/earth-baxia-uses-spear-phishing-and-geoserver-exploit-to-target-apac/IOCs%20-%20Earth%20Baxia%20Uses%20Spear-Phishing%20and%20GeoServer%20Exploit%20to%20Target%20APAC.txt

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

  - Earth Lamia (Actor)
  - Earth Alux (Actor)
  - Earth Wendigo (Actor)
  - Earth Krahang (Actor)
  - Flax Typhoon (Actor)
  - Earth Yako (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.