Earth Preta

Directly Linked Intrusion Sets: BRONZE PRESIDENT, Mustang Panda

Earth Preta is an adversary tracked by Trend Micro. Researchers have identified a wide outbreak of attacks targeting the government, academic, foundation, and research sectors in countries including Myanmar, Australia, the Philippines, Japan and Taiwan.

Earth Preta Threat Reports

Report

Earth Preta Campaign Uses DOPLUGS to Target Asia

This blog post by researchers from Trend Micro describes the use of a customized PlugX backdoor which they name DOPLUGS. The DOPLUGS malware uses ...

MITRE ATT&CK Techniques

MITRE ATT&CK techniques observed in use by this intrusion set.

| ATT&CK ID | Title | Associated Tactics |
| --- | --- | --- |
| T1587.001 | Malware | Resource Development |
| T1204.002 | Malicious File | Execution |
| T1025 | Data from Removable Media | Collection |
| T1056.001 | Keylogging | Collection, Credential Access |
| T1608.005 | Link Target | Resource Development |
| T1091 | Replication Through Removable Media | Initial Access, Lateral Movement |
| T1071.001 | Web Protocols | Command and Control |
| T1574.002 | DLL Side-Loading | Defense Evasion, Persistence, Privilege Escalation |
| T1608.001 | Upload Malware | Resource Development |
| T1585.002 | Email Accounts | Resource Development |
| T1049 | System Network Connections Discovery | Discovery |
| T1070.009 | Clear Persistence | Defense Evasion |
| T1036.005 | Match Legitimate Name or Location | Defense Evasion |
| T1588.002 | Tool | Resource Development |
| T1082 | System Information Discovery | Discovery |
| T1140 | Deobfuscate/Decode Files or Information | Defense Evasion |
| T1083 | File and Directory Discovery | Discovery |
| T1053.005 | Scheduled Task | Execution, Persistence, Privilege Escalation |
| T1566.002 | Spearphishing Link | Initial Access |
| T1090 | Proxy | Command and Control |
| T1547.001 | Registry Run Keys / Startup Folder | Persistence, Privilege Escalation |
| T1012 | Query Registry | Discovery |
| T1016.001 | Internet Connection Discovery | Discovery |
| T1583.004 | Server | Resource Development |
| T1005 | Data from Local System | Collection |
| T1564.001 | Hidden Files and Directories | Defense Evasion |
| T1573 | Encrypted Channel | Command and Control |