Operation Earth Berberoka: An Analysis of a Multivector and Multiplatform APT Campaign Targeting Online Gambling Sites
Common Information
| Type | Value |
|---|---|
| UUID | a02740e6-2ecb-4232-b8a2-f22a86f4f496 |
| Fingerprint | 47c4b2003b5195cc47d7c5ed4d3da877a2f27ef098d443189654f4e60c60345a |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | May 23, 2022, 10:33 a.m. |
| Added to db | April 14, 2024, 1:19 a.m. |
| Last updated | Aug. 31, 2024, 3:54 a.m. |
| Headline | Operation Earth Berberoka: An Analysis of a Multivector and Multiplatform APT Campaign Targeting Online Gambling Sites |
| Title | Operation Earth Berberoka: An Analysis of a Multivector and Multiplatform APT Campaign Targeting Online Gambling Sites |
| Detected Hints/Tags/Attributes | 207/4/127 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | CVE | 1 | cve-2019-17100 |
|
| Details | Domain | 3 | envato.com |
|
| Details | Domain | 2 | linux.daj8.me |
|
| Details | Domain | 2 | win.googie.ph |
|
| Details | Domain | 2 | dust.github.wiki |
|
| Details | Domain | 3 | github.wiki |
|
| Details | Domain | 1 | mmchat.online |
|
| Details | Domain | 2 | mimi.app |
|
| Details | Domain | 3 | flash.cn |
|
| Details | Domain | 3 | shopingchina.net |
|
| Details | Domain | 2 | linux.shopingchina.net |
|
| Details | Domain | 2 | test66.shopingchina.net |
|
| Details | Domain | 2 | fn.shopingchina.net |
|
| Details | Domain | 2 | jqb.shopingchina.net |
|
| Details | Domain | 38 | www.statista.com |
|
| Details | Domain | 3 | www.sciencedaily.com |
|
| Details | Domain | 604 | www.trendmicro.com |
|
| Details | Domain | 251 | www.bleepingcomputer.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 368 | microsoft.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | developpaper.com |
|
| Details | Domain | 4 | airbus-cyber-security.com |
|
| Details | Domain | 360 | attack.mitre.org |
|
| Details | Domain | 132 | trendmicro.com |
|
| Details | Domain | 1 | thaihosttalk.com |
|
| Details | Domain | 469 | www.cisa.gov |
|
| Details | Domain | 9 | vms.drweb.com |
|
| Details | Domain | 1 | www.xuehua.tw |
|
| Details | Domain | 3 | drweb.com |
|
| Details | Domain | 1 | www.w88you.com |
|
| Details | Domain | 65 | imgur.com |
|
| Details | Domain | 1 | www.114dns.com |
|
| Details | Domain | 1 | www.aiteinstitute.com |
|
| Details | Domain | 20 | www.idc.com |
|
| Details | Domain | 1 | www.yabo.uk |
|
| Details | Domain | 247 | www.virusbulletin.com |
|
| Details | Domain | 62 | stackoverflow.com |
|
| Details | Domain | 202 | krebsonsecurity.com |
|
| Details | Domain | 1 | www.iconbolt.com |
|
| Details | Domain | 5 | www.electronjs.org |
|
| Details | Domain | 128 | www.bitdefender.com |
|
| Details | Domain | 13 | quointelligence.eu |
|
| Details | Domain | 262 | www.welivesecurity.com |
|
| Details | Domain | 23 | www.intezer.com |
|
| Details | Domain | 57 | www.clearskysec.com |
|
| Details | Domain | 37 | www.blackberry.com |
|
| Details | Domain | 397 | www.microsoft.com |
|
| Details | File | 3 | asycfilt.dll |
|
| Details | File | 4 | lz32.dll |
|
| Details | File | 68 | config.ini |
|
| Details | File | 3 | msvcpx00.dll |
|
| Details | File | 3 | verisign.bmp |
|
| Details | File | 3 | bitmap.bmp |
|
| Details | File | 3 | c:\\users\\public\\pictures\\desktop.inf |
|
| Details | File | 3 | c:\users\public\videos\config.ini |
|
| Details | File | 1122 | svchost.exe |
|
| Details | File | 3 | smtemp.dat |
|
| Details | File | 21 | loader.dll |
|
| Details | File | 1 | c:\windows\system32\ctfmon3.jpg |
|
| Details | File | 2 | 3.dmg |
|
| Details | File | 130 | info.pl |
|
| Details | File | 674 | node.js |
|
| Details | File | 156 | package.json |
|
| Details | File | 5 | electron-main.js |
|
| Details | File | 1 | electro-main.js |
|
| Details | File | 1 | usoprivate.exe |
|
| Details | File | 25 | log.dll |
|
| Details | File | 2 | usoprivate.dat |
|
| Details | File | 2 | xss.php |
|
| Details | File | 1 | 码.rar |
|
| Details | File | 1 | 210517083636.htm |
|
| Details | File | 1 | new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html |
|
| Details | File | 1 | unplugging-plugx-capabilities.html |
|
| Details | File | 1 | destructive_malware_white_paper_s508c.pdf |
|
| Details | File | 66 | www.ai |
|
| Details | File | 7 | www.ico |
|
| Details | File | 2 | eset_winnti.pdf |
|
| Details | File | 1 | report-bb-decade-of-the-rats.pdf |
|
| Details | Github username | 1 | denji |
|
| Details | Github username | 2 | lucas-clemente |
|
| Details | Github username | 4 | n1nj4sec |
|
| Details | Github username | 2 | f0rb1dd3n |
|
| Details | Github username | 1 | milabs |
|
| Details | md5 | 3 | 2726c6aea9970bb95211304705b5f595 |
|
| Details | sha256 | 1 | 74d93253090f999977fa8e32b03b94bb8d35f59a8390545fd10da0f7fb1fcd13 |
|
| Details | sha256 | 2 | ee07dfd6443af8f20f5f11effb9cbcec07e125697a28aee78718caeed17f1407 |
|
| Details | IPv4 | 295 | 8.8.8.8 |
|
| Details | IPv4 | 13 | 114.114.114.114 |
|
| Details | IPv4 | 1 | 1.1.6.3 |
|
| Details | Pdb | 3 | logexts.pdb |
|
| Details | Url | 1 | https://www.statista.com/statistics/270728/market-volume-of-online-gaming-worldwide/. |
|
| Details | Url | 1 | https://www.sciencedaily.com/releases/2021/05/210517083636.htm |
|
| Details | Url | 26 | https://www.trendmicro.com |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/800gbps-ddos-extortion-attack-hits-gambling- |
|
| Details | Url | 2 | https://twitter.com/itsreallynick |
|
| Details | Url | 1 | https://github.com/denji/golang-tls. |
|
| Details | Url | 1 | https://github.com/lucas-clemente/quic- |
|
| Details | Url | 1 | https://developpaper.com/understanding-the-implementation-of-http-server-in-golang/. |
|
| Details | Url | 25 | https://www.trendmicro |
|
| Details | Url | 1 | https://www.trendmicro.com/en_us/research/12/i/unplugging-plugx-capabilities.html |
|
| Details | Url | 57 | https://attack.mitre.org |
|
| Details | Url | 1 | https://d.thaihosttalk.com/t/i-am-virus-fuck-you/34081. |
|
| Details | Url | 1 | https://www.cisa.gov/uscert/sites/default/files/documents/destructive_malware_white_paper_s508c.pdf |
|
| Details | Url | 1 | https://vms.drweb.com |
|
| Details | Url | 1 | https://www.xuehua.tw/a/5ec83986e3f5c17164172a23. |
|
| Details | Url | 1 | https://www.w88you.com/. |
|
| Details | Url | 1 | https://imgur.com/a/laq1tmq. |
|
| Details | Url | 1 | https://www.114dns.com/. |
|
| Details | Url | 1 | https://www.aiteinstitute.com/en/about/. |
|
| Details | Url | 1 | https://www.idc.com/cn_eng. |
|
| Details | Url | 1 | https://www.yabo.uk/. |
|
| Details | Url | 1 | https://www.virusbulletin.com/blog/2013/09/malware-spoofing-http-host-header-hide-c-amp-c- |
|
| Details | Url | 1 | https://krebsonsecurity.com/2010/10/spyeye-v-zeus-rivalry-ends-in-quiet-merger/. |
|
| Details | Url | 1 | https://github.com/n1nj4sec/pupy. |
|
| Details | Url | 1 | https://github.com/f0rb1dd3n/reptile. |
|
| Details | Url | 1 | https://github.com/milabs |
|
| Details | Url | 1 | https://www.iconbolt.com/iconsets |
|
| Details | Url | 1 | https://www.electronjs.org/docs/v14-x-y/api/app#event |
|
| Details | Url | 1 | https://www.bitdefender.com/support/security-advisories/untrusted-search-path-vulnerability- |
|
| Details | Url | 2 | https://quointelligence.eu/2020/04/winnti-group-insights-from-the-past/. |
|
| Details | Url | 4 | https://www.welivesecurity.com/wp-content |
|
| Details | Url | 1 | https://www.intezer.com/blog/malware-analysis/chinaz-relations/. |
|
| Details | Url | 1 | https://www.bitdefender.com/blog/labs/operation-pzchao-a-possible-return-of-the-iron-tiger-apt/. |
|
| Details | Url | 2 | https://www.clearskysec.com/winnti/. |
|
| Details | Url | 1 | https://www.blackberry.com/content/dam/blackberry-com/asset/enterprise/pdf |
|
| Details | Url | 5 | https://www.microsoft.com/security |