← Back to Actors
Earth Lusca
Earth LuscaTAG-22Charcoal TyphoonCHROMIUMControlX
[Earth Lusca](https://attack.mitre.org/groups/G1006) is a suspected China-based cyber espionage group that has been active since at least April 2019. [Earth Lusca](https://attack.mitre.org/groups/G1006) has targeted organizations in Australia, China, Hong Kong, Mongolia, Nepal, the Philippines, Taiwan, Thailand, Vietnam, the United Arab Emirates, Nigeria, Germany, France, and the United States. Targets included government institutions, news media outlets, gambling companies, educational institutions, COVID-19 research organizations, telecommunications companies, religious movements banned in C...
44
Techniques
41
Covered
3
Gaps
93%
Coverage
Coverage41/44
COVERED (41)
T1003.001LSASS Memory111 det.T1003.006DCSync16 det.T1007System Service Discovery15 det.T1016System Network Configuration Discovery40 det.T1018Remote System Discovery51 det.T1027Obfuscated Files or Information606 det.T1027.003Steganography5 det.T1033System Owner/User Discovery61 det.T1036.005Match Legitimate Resource Name or Location45 det.T1047Windows Management Instrumentation88 det.T1049System Network Connections Discovery22 det.T1053.005Scheduled Task100 det.T1057Process Discovery21 det.T1059.001PowerShell372 det.T1059.005Visual Basic69 det.T1059.006Python51 det.T1059.007JavaScript63 det.T1090Proxy48 det.T1098.004SSH Authorized Keys13 det.T1112Modify Registry203 det.T1140Deobfuscate/Decode Files or Information58 det.T1189Drive-by Compromise10 det.T1190Exploit Public-Facing Application227 det.T1204.001Malicious Link11 det.T1204.002Malicious File441 det.T1210Exploitation of Remote Services35 det.T1218.005Mshta49 det.T1482Domain Trust Discovery41 det.T1543.003Windows Service79 det.T1547.012Print Processors8 det.T1548.002Bypass User Account Control84 det.T1560.001Archive via Utility26 det.T1566.002Spearphishing Link1005 det.T1567.002Exfiltration to Cloud Storage31 det.T1574.001DLL111 det.T1583.001Domains62 det.T1583.006Web Services1 det.T1588.001Malware2 det.T1588.002Tool13 det.T1595.002Vulnerability Scanning13 det.T1608.001Upload Malware3 det.