Earth Preta
Directly Linked Intrusion Sets | BRONZE PRESIDENT, Mustang Panda |
---|---|
Earth Preta is an adversary tracked by Trend Micro. Researchers have identified a wide outbreak of attacks targeting the government, academic, foundation, and research sectors in countries including Myanmar, Australia, the Philippines, Japan and Taiwan.
Earth Preta Threat Reports
Report
Earth Preta Campaign Uses DOPLUGS to Target Asia
This blog post by researchers from Trend Micro describes the use of a customized PlugX backdoor which they name DOPLUGS. The DOPLUGS malware uses ...
MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.
ATT&CK ID | Title | Associated Tactics |
---|---|---|
T1587.001 | Malware | Resource Development |
T1204.002 | Malicious File | Execution |
T1025 | Data from Removable Media | Collection |
T1056.001 | Keylogging | Collection, Credential Access |
T1608.005 | Link Target | Resource Development |
T1091 | Replication Through Removable Media | Initial Access, Lateral Movement |
T1071.001 | Web Protocols | Command and Control |
T1574.002 | DLL Side-Loading | Defense Evasion, Persistence, Privilege Escalation |
T1608.001 | Upload Malware | Resource Development |
T1585.002 | Email Accounts | Resource Development |
T1049 | System Network Connections Discovery | Discovery |
T1070.009 | Clear Persistence | Defense Evasion |
T1036.005 | Match Legitimate Name or Location | Defense Evasion |
T1588.002 | Tool | Resource Development |
T1082 | System Information Discovery | Discovery |
T1140 | Deobfuscate/Decode Files or Information | Defense Evasion |
T1083 | File and Directory Discovery | Discovery |
T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
T1566.002 | Spearphishing Link | Initial Access |
T1090 | Proxy | Command and Control |
T1547.001 | Registry Run Keys / Startup Folder | Persistence, Privilege Escalation |
T1012 | Query Registry | Discovery |
T1016.001 | Internet Connection Discovery | Discovery |
T1583.004 | Server | Resource Development |
T1005 | Data from Local System | Collection |
T1564.001 | Hidden Files and Directories | Defense Evasion |
T1573 | Encrypted Channel | Command and Control |