test_scratch / cti-ATT-CK-v13.1 /mobile-attack /intrusion-set /intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034.json
{
"type": "bundle",
"id": "bundle--ff9eff1c-ed23-460d-9ffb-cda4c583cb47",
"spec_version": "2.0",
"objects": [
{
"modified": "2022-10-17T19:51:56.531Z",
"name": "Earth Lusca",
"description": "[Earth Lusca](https://attack.mitre.org/groups/G1006) is a suspected China-based cyber espionage group that has been active since at least April 2019. [Earth Lusca](https://attack.mitre.org/groups/G1006) has targeted organizations in Australia, China, Hong Kong, Mongolia, Nepal, the Philippines, Taiwan, Thailand, Vietnam, the United Arab Emirates, Nigeria, Germany, France, and the United States. Targets included government institutions, news media outlets, gambling companies, educational institutions, COVID-19 research organizations, telecommunications companies, religious movements banned in China, and cryptocurrency trading platforms; security researchers assess some [Earth Lusca](https://attack.mitre.org/groups/G1006) operations may be financially motivated.(Citation: TrendMicro EarthLusca 2022)\n\n[Earth Lusca](https://attack.mitre.org/groups/G1006) has used malware commonly used by other Chinese threat groups, including [APT41](https://attack.mitre.org/groups/G0096) and the [Winnti Group](https://attack.mitre.org/groups/G0044) cluster, however security researchers assess [Earth Lusca](https://attack.mitre.org/groups/G1006)'s techniques and infrastructure are separate.(Citation: TrendMicro EarthLusca 2022)",
"aliases": [
"Earth Lusca",
"TAG-22"
],
"x_mitre_deprecated": false,
"x_mitre_version": "1.0",
"type": "intrusion-set",
"id": "intrusion-set--cc613a49-9bfa-4e22-98d1-15ffbb03f034",
"created": "2022-07-01T20:12:30.184Z",
"created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
"revoked": false,
"external_references": [
{
"source_name": "mitre-attack",
"url": "https://attack.mitre.org/groups/G1006",
"external_id": "G1006"
},
{
"source_name": "TAG-22",
"description": "(Citation: Recorded Future TAG-22 July 2021)"
},
{
"source_name": "TrendMicro EarthLusca 2022",
"description": "Chen, J., et al. (2022). Delving Deep: An Analysis of Earth Lusca\u2019s Operations. Retrieved July 1, 2022.",
"url": "https://www.trendmicro.com/content/dam/trendmicro/global/en/research/22/a/earth-lusca-employs-sophisticated-infrastructure-varied-tools-and-techniques/technical-brief-delving-deep-an-analysis-of-earth-lusca-operations.pdf"
},
{
"source_name": "Recorded Future TAG-22 July 2021",
"description": "INSIKT GROUP. (2021, July 8). Chinese State-Sponsored Activity Group TAG-22 Targets Nepal, the Philippines, and Taiwan Using Winnti and Other Tooling. Retrieved September 2, 2022.",
"url": "https://www.recordedfuture.com/chinese-group-tag-22-targets-nepal-philippines-taiwan"
}
],
"object_marking_refs": [
"marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
],
"x_mitre_domains": [
"enterprise-attack",
"mobile-attack"
],
"x_mitre_attack_spec_version": "2.1.0",
"x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5"
}
]
}