Introduction
According to TrendMicro, Earth Berberoka is a threat group originating from China that mainly focuses on targeting gambling websites. This groupβs campaign uses multiple malware families that target the Windows, Linux, and macOS platforms that have been attributed to Chinese-speaking actors. Aside from using tried-and-tested malware families that have been upgraded, such as PlugX and Gh0st RAT, Earth Berberoka has also developed a brand-new complex, multistage malware family, which has been dubbed PuppetLoader.
Activities and Tactics
Targeted Sectors: Gambling Websites, Information technology, Electronics Manufacturers, Education
Country of Origin: π¨π³ China
Suspected Victims: China, United States, Hong Kong, Malaysia, Taiwan
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
- PlugX
- China Chopper
- gh0st
- Gh0st RAT
- Windows Remote Desktop
Attribution and Evidence
Country of Origin: China Additional attribution information pending cataloguing.
References
References pending cataloguing.