Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear
=====================================================================================