Based on available threat intelligence and technical databases, HogFarming.7z is a compressed archive associated with malicious activity, specifically linked to Earth Preta (also known as Mustang Panda), a China-based Advanced Persistent Threat (APT) group. This file has been identified as a delivery vehicle for malware in cyberespionage campaigns targeting government and research entities.

Technical Overview
Launching the primary file triggers the sideloading of a malicious component (often disguised as a library like MpsSvc.dll or similar).
The malware modifies registry keys or creates scheduled tasks to ensure it remains active after system reboots.
The infected system establishes an encrypted connection to a remote server to receive instructions and upload stolen data.

Indicators of Compromise (IoCs)
The "HogFarming.7z" archive typically contains multiple layers of obfuscation designed to bypass traditional security perimeters.