NAME:
EarthEstries
Alias:
EarthEstries
Description:
The earliest known attacks by this APT group date back to 2020. The source of the attacks is unknown. The group targets government and technology industry organizations in the Philippines, Taiwan, Malaysia, South Africa, Germany, and the United States. After a successful attack, it delivers the Zingdoor, TrillClient and HemiGate attack code, and it commonly loads the Trojan through various forms of "white utilization" (abuse of legitimate, trusted programs), which overlaps to some extent with FamousSparrow.
References:
https://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html