Hogfarming.7z Apr 2026

Security teams should monitor for the following indicators related to this specific file name and associated threat actor behavior: : HogFarming.7z

Based on available threat intelligence and technical databases, is a compressed archive associated with malicious activity, specifically linked to Earth Preta (also known as Mustang Panda), a Chinese-based Advanced Persistent Threat (APT) group . This file has been identified as a delivery vehicle for malware in cyberespionage campaigns targeting government and research entities. Technical Overview

: It is frequently utilized in campaigns that leverage DLL Side-Loading techniques. In these scenarios, a legitimate, digitally signed executable is bundled with a malicious DLL that the executable is forced to load. HogFarming.7z

: Add "HogFarming.7z" and similar suspicious archive names to email and web filter blocklists.

: Government agencies, NGOs, and telecommunications sectors in Southeast Asia and Europe. Security teams should monitor for the following indicators

: The malware modifies registry keys or creates scheduled tasks to ensure it remains active after system reboots.

: The infected system establishes an encrypted connection to a remote server to receive instructions and upload stolen data. Indicators of Compromise (IoCs) : The malware modifies registry keys or creates

: Launching the primary file triggers the sideloading of a malicious component (often disguised as a library like MpsSvc.dll or similar).