Hogfarming.7z Online

Based on available threat intelligence and technical databases, is a compressed archive associated with malicious activity, specifically linked to Earth Preta (also known as Mustang Panda), a Chinese-based Advanced Persistent Threat (APT) group . This file has been identified as a delivery vehicle for malware in cyberespionage campaigns targeting government and research entities. Technical Overview

: Deploy EDR (Endpoint Detection and Response) solutions to monitor for unusual DLL loading behavior from legitimate system binaries. HogFarming.7z

: The file is primarily distributed via Spear Phishing emails. These emails often use topical lures related to regional geopolitics or government directives to entice victims into downloading and extracting the archive. Analysis of the Infection Chain : The file is primarily distributed via Spear

: Once the user extracts "HogFarming.7z", they find what appears to be a legitimate document or application. : Heavy reliance on

: Heavy reliance on .7z or .rar formats to hide malicious .exe and .dll pairings from basic email scanners. Mitigation Recommendations

: Launching the primary file triggers the sideloading of a malicious component (often disguised as a library like MpsSvc.dll or similar).

: Analysis suggests the archive often carries variants of the PlugX or ToneIns malware. PlugX is a modular Remote Access Trojan (RAT) used for data exfiltration, keystroke logging, and remote command execution.