Earth Baxia

MISP
Type:
Unknown
Country:
CN
First activity:
Unknown
Details:

Earth Baxia is a threat actor operating out of China that targets government organizations in Taiwan and potentially across the APAC region. For initial access it uses spear-phishing emails and exploits the GeoServer vulnerability CVE-2024-36401 for remote code execution. It deploys customized Cobalt Strike components with altered signatures, uses the GrimResource and AppDomainManager injection techniques to deliver additional payloads, and operates a new backdoor named EAGLEDOOR for multi-protocol communication and payload delivery.

Metadata
ID: 737
Created: 13/01/2026 17:48
Updated: 07/03/2026 16:00