Based on available threat intelligence and technical databases, is a compressed archive associated with malicious activity, specifically linked to Earth Preta (also known as Mustang Panda), a Chinese-based Advanced Persistent Threat (APT) group . This file has been identified as a delivery vehicle for malware in cyberespionage campaigns targeting government and research entities. Technical Overview
: Government agencies, NGOs, and telecommunications sectors in Southeast Asia and Europe. HogFarming.7z
: It is frequently utilized in campaigns that leverage DLL Side-Loading techniques. In these scenarios, a legitimate, digitally signed executable is bundled with a malicious DLL that the executable is forced to load. : It is frequently utilized in campaigns that
: The file is primarily distributed via Spear Phishing emails. These emails often use topical lures related to regional geopolitics or government directives to entice victims into downloading and extracting the archive. Analysis of the Infection Chain These emails often use topical lures related to
Security teams should monitor for the following indicators related to this specific file name and associated threat actor behavior: : HogFarming.7z
: The infected system establishes an encrypted connection to a remote server to receive instructions and upload stolen data. Indicators of Compromise (IoCs)
