🇨🇳
Earth Lusca
APT Group
Information theft and espionage
Financial gain
1 zero-day CVE
ETDA ✓
Also Known As 11 names
AQUATIC PANDA
BRONZE UNIVERSITY
BountyGlad
CHROMIUM
Charcoal Typhoon
ControlX
FISHMONGER
Red Dev 10
Red Scylla
RedHotel
TAG-22
Target Countries 17
Afghanistan
Bangladesh
Bhutan
China
Hong Kong
India
Cambodia
Malaysia
Nepal
Philippines
Pakistan
Palestine
Thailand
Taiwan, Province of China
United States
Vietnam
South Africa
Sectors Targeted
Computer Systems Design Services (NAICS 541512)
Construction (NAICS 23)
Insurance Carriers and Related Activities (NAICS 524)
Management Consulting Services (NAICS 54161)
Motor Vehicle Manufacturing (NAICS 3361)
Advertising Agencies (NAICS 54181)
Education
Aerospace
Telecommunications
Data Processing, Hosting, and Related Services (NAICS 51821)
Media
Government
Computer Systems Design and Related Services (NAICS 54151)
Details
Origin
🇨🇳 CN
Last Updated
07 May 2025
Malware Families 13
ccleaner_backdoor
Vantom
NJRAT
houdini
zhmimikatz
unidentified_081
win.shadow_rat
venom
H-worm
maui
dubrute
raccoon
adwind
MITRE ATT&CK 159
T1001
T1003
T1003.001 - LSASS Memory
T1003.002 - Security Account Manager
T1003.006
T1005 - Data from Local System
T1007 - System Service Discovery
T1010
T1012
T1016 - System Network Configuration Discovery
T1018
T1020
T1021
T1021.001 - Remote Desktop Protocol
T1021.002 - SMB/Windows Admin Shares
T1021.004
T1027 - Obfuscated Files or Information
T1027.002 - Software Packing
T1027.003
T1027.009
T1027.010
T1027.012
T1030 - Data Transfer Size Limits
T1033 - System Owner/User Discovery
T1036 - Masquerading
T1036.004
T1036.005
T1036.007
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1046 - Network Service Scanning
T1047
T1049
T1053
T1053.005
T1055 - Process Injection
T1056 - Input Capture
T1057 - Process Discovery
T1059 - Command and Scripting Interpreter
T1059.001 - PowerShell
T1059.003 - Windows Command Shell
T1059.004
T1059.005
T1059.006
T1059.007
T1064
T1070
T1070.001
T1070.003
T1070.004
T1070.006 - Timestomp
T1071 - Application Layer Protocol
T1071.001 - Web Protocols
T1072 - Software Deployment Tools
T1074 - Data Staged
T1078 - Valid Accounts
T1078.002
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1087
T1087.001 - Local Account
T1090 - Proxy
T1095 - Non-Application Layer Protocol
T1098
T1098.004
T1102 - Web Service
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106
T1112
T1113 - Screen Capture
T1115
T1119 - Automated Collection
T1124 - System Time Discovery
T1125
T1127
T1132 - Data Encoding
T1134 - Access Token Manipulation
T1140 - Deobfuscate/Decode Files or Information
T1176 - Browser Extensions
T1189
T1190
T1195
T1202
T1203
T1204
T1204.001
T1204.002 - Malicious File
T1210
T1213
T1218
T1218.005
T1218.011
T1482
T1489
T1496 - Resource Hijacking
T1497
T1505
T1505.003 - Web Shell
T1518
T1518.001
T1528
T1529
T1530
T1539 - Steal Web Session Cookie
T1543
T1543.003 - Windows Service
T1547 - Boot or Logon Autostart Execution
T1547.012
T1548
T1548.002
T1550
T1550.002
T1552
T1553 - Subvert Trust Controls
T1555 - Credentials from Password Stores
T1555.003 - Credentials from Web Browsers
T1556.002 - Password Filter DLL
T1560 - Archive Collected Data
T1560.001
T1562
T1562.001
T1564
T1564.001
T1566
T1566.001
T1566.002
T1567
T1567.002
T1571 - Non-Standard Port
T1573
T1574 - Hijack Execution Flow
T1574.001
T1574.002 - DLL Side-Loading
T1574.006
T1583 - Acquire Infrastructure
T1583.001 - Domains
T1583.004 - Server
T1583.006
T1584
T1584.004
T1584.006
T1587 - Develop Capabilities
T1588 - Obtain Capabilities
T1588.001
T1588.002
T1589 - Gather Victim Identity Information
T1590 - Gather Victim Network Information
T1592 - Gather Victim Host Information
T1595
T1595.002
T1596 - Search Open Technical Databases
T1598 - Phishing for Information
T1608 - Stage Capabilities
T1608.001
T1614
T1654
T1685
T1685.005