[threat-actors] Add Earth Kapre

This commit is contained in:
Mathieu4141 2024-03-20 10:23:42 -07:00
parent 6490424201
commit b2e9f6c152

View file

@ -15351,6 +15351,20 @@
}, },
"uuid": "ffb28c09-16a6-483a-817a-89c89751c9d4", "uuid": "ffb28c09-16a6-483a-817a-89c89751c9d4",
"value": "UNC5325" "value": "UNC5325"
},
{
"description": "Earth Kapre is an APT group specializing in cyberespionage. They target organizations in various countries through phishing campaigns using malicious attachments to infect machines. Earth Kapre employs techniques like abusing PowerShell, curl, and Program Compatibility Assistant to execute malicious commands and evade detection within targeted networks. The group has been active since at least 2018 and has been linked to multiple incidents involving data theft and espionage.",
"meta": {
"refs": [
"https://www.trendmicro.com/en_us/research/24/c/unveiling-earth-kapre-aka-redcurls-cyberespionage-tactics-with-t.html"
],
"synonyms": [
"RedCurl",
"Red Wolf"
]
},
"uuid": "d4004926-bf12-4cfe-b141-563c8ffb304a",
"value": "Earth Kapre"
} }
], ],
"version": 304 "version": 304