
Earth Berberoka

Also known as: GamblingPuppet · Earth Berberoka

Origin: CN
Known aliases: 2
Target sectors: 4

Profile

According to Trend Micro, Earth Berberoka is a threat group originating from China that mainly focuses on targeting gambling websites. The group's campaign uses multiple malware families, attributed to Chinese-speaking actors, that target the Windows, Linux, and macOS platforms. Aside from using upgraded versions of tried-and-tested malware families such as PlugX and Gh0st RAT, Earth Berberoka has also developed a brand-new, complex, multistage malware family, which has been dubbed PuppetLoader.

Aliases· 2

  • GamblingPuppet
  • Earth Berberoka

Target sectors· 4

  • Gambling Websites
  • Information technology
  • Electronics Manufacturers
  • Education

Known victims· 5

  • China
  • United States
  • Hong Kong
  • Malaysia
  • Taiwan

References

  1. https://documents.trendmicro.com/assets/white_papers/wp-operation-earth-berberoka.pdf
  2. https://www.trendmicro.com/en_us/research/22/d/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html
  3. https://documents.trendmicro.com/assets/txt/earth-berberoka-windows-iocs-2.txt
  4. https://documents.trendmicro.com/assets/txt/earth-berberoka-linux-iocs-2.txt
  5. https://documents.trendmicro.com/assets/txt/earth-berberoka-macos-iocs-2.txt
  6. https://documents.trendmicro.com/assets/txt/earth-berberoka-domains-2.txt
  7. https://www.youtube.com/watch?v=QXGO4RJaUPQ
  8. https://www.botconf.eu/wp-content/uploads/2022/05/Botconf2022-40-LunghiHorejsi.pdf

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • Earth Krahang (Actor)
  • Earth Lusca (Group)
  • Earth Yako (Actor)
  • Earth Wendigo (Actor)
  • Earth Kurma (Actor)
  • Earth Naga (Actor)

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.