Learn how #cyberespionage group #EarthFreybug uses DLL hijacking and API unhooking to prevent child processes from being monitored via a new malware type we've dubbed UNAPIMON.

Details in our latest blog entry: https://research.trendmicro.com/4adcpbP

Earth Freybug Uses UNAPIMON for Unhooking Critical APIs

This article provides an in-depth look into two techniques used by Earth Freybug actors: dynamic-link library (DLL) hijacking and application programming interface (API) unhooking to prevent child processes from being monitored via a new malware we've discovered and dubbed UNAPIMON.

Trend Micro

Trend Micro reported on the attack chain of a cyberespionage group Earth Freybug, which they claim is a subset of the Chinese state-sponsored APT41 (Winnti Group). No information about the targets or timeline, but they describe a new UNAPIMON malware used for defense evasion (prevent child processes from being monitored). One SHA256 provided, which isn't recognized in VirusTotal. 🔗 https://www.trendmicro.com/en_us/research/24/d/earth-freybug.html

#China #cyberespionage #EarthFreybug #APT41 #Winnti #UNAPIMON #threatintel #IOC
