The "HogFarming.7z" archive typically contains multiple layers of obfuscation designed to bypass traditional security perimeters.
: The malware modifies registry keys or creates scheduled tasks to ensure it remains active after system reboots.
: Analysis suggests the archive often carries variants of the PlugX or ToneIns malware. PlugX is a modular Remote Access Trojan (RAT) used for data exfiltration, keystroke logging, and remote command execution. HogFarming.7z
: Government agencies, NGOs, and telecommunications sectors in Southeast Asia and Europe.
: Heavy reliance on .7z or .rar formats to hide malicious .exe and .dll pairings from basic email scanners. Mitigation Recommendations The "HogFarming
: Launching the primary file triggers the sideloading of a malicious component (often disguised as a library like MpsSvc.dll or similar).
Based on available threat intelligence and technical databases, is a compressed archive associated with malicious activity, specifically linked to Earth Preta (also known as Mustang Panda), a Chinese-based Advanced Persistent Threat (APT) group . This file has been identified as a delivery vehicle for malware in cyberespionage campaigns targeting government and research entities. Technical Overview PlugX is a modular Remote Access Trojan (RAT)
: It is frequently utilized in campaigns that leverage DLL Side-Loading techniques. In these scenarios, a legitimate, digitally signed executable is bundled with a malicious DLL that the executable is forced to load.