[MART] - Daily Diary #498 - Earth Berberoka, A New APT group

CTAS-MAT ctas-mat at appgate.com
Wed Apr 27 21:17:51 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

04/27/2022 - Diary entry #498:

Also known as GamblingPuppet, Earth Berberoka is a recently discovered Advanced Persistent Threat (APT) group. Earth Berberoka targets gambling websites and systems on different platforms, such as Windows, Linux, and macOS.

In campaigns targeting Windows-based systems, Earth Berberoka was found using malware families tied to Chinese-speaking threat actors, like oRAT, PlugX, and Gh0st RAT, and other malware families like Quasar RAT, AsyncRAT, and Trochilus.

Besides known malware families, the APT group is using a new malware family dubbed PuppetLoader. To avoid detection, PuppetLoader stores its malicious payloads in BMP image files. It comprises five stages and uses several techniques to obfuscate the code and hijack legitimate DLLs.

So far, Earth Berberoka's disclosed attacks have targeted only the gambling market industry, but given the complexity of its toolkit, we expect it to expand its operations to other targets.

Kind Regards,

Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com

