: Launching the primary file triggers the sideloading of a malicious component (often disguised as a library like MpsSvc.dll or similar).

: The file is primarily distributed via Spear Phishing emails. These emails often use topical lures related to regional geopolitics or government directives to entice victims into downloading and extracting the archive. Analysis of the Infection Chain HogFarming.7z

: Once the user extracts "HogFarming.7z", they find what appears to be a legitimate document or application. : Launching the primary file triggers the sideloading

: Add "HogFarming.7z" and similar suspicious archive names to email and web filter blocklists. HogFarming.7z

: Government agencies, NGOs, and telecommunications sectors in Southeast Asia and Europe.

The "HogFarming.7z" archive typically contains multiple layers of obfuscation designed to bypass traditional security perimeters.

Select your currency
EUREuro
USDUnited States (US) dollar
GBPPound sterling