: Government agencies, NGOs, and telecommunications sectors in Southeast Asia and Europe.
The "HogFarming.7z" archive typically contains multiple layers of obfuscation designed to bypass traditional security perimeters.
: Add "HogFarming.7z" and similar suspicious archive names to email and web filter blocklists.
: The infected system establishes an encrypted connection to a remote server to receive instructions and upload stolen data.
: Educate staff on the risks of opening unexpected compressed archives, even if the sender appears legitimate.
: It is frequently utilized in campaigns that leverage DLL Side-Loading techniques. In these scenarios, a legitimate, digitally signed executable is bundled with a malicious DLL that the executable is forced to load.
: Analysis suggests the archive often carries variants of the PlugX or ToneIns malware. PlugX is a modular Remote Access Trojan (RAT) used for data exfiltration, keystroke logging, and remote command execution.