EXPLORE
Sign In
← Back to Actors

Earth Lusca

Earth LuscaTAG-22Charcoal TyphoonCHROMIUMControlX

[Earth Lusca](https://attack.mitre.org/groups/G1006) is a suspected China-based cyber espionage group that has been active since at least April 2019. [Earth Lusca](https://attack.mitre.org/groups/G1006) has targeted organizations in Australia, China, Hong Kong, Mongolia, Nepal, the Philippines, Taiwan, Thailand, Vietnam, the United Arab Emirates, Nigeria, Germany, France, and the United States. Targets included government institutions, news media outlets, gambling companies, educational institutions, COVID-19 research organizations, telecommunications companies, religious movements banned in C...

44
Techniques
41
Covered
3
Gaps
93%
Coverage
Coverage41/44

GAPS (3)

T1583.004ServerT1584.004ServerT1584.006Web Services

COVERED (41)

T1003.001LSASS Memory105 det.T1003.006DCSync14 det.T1007System Service Discovery11 det.T1016System Network Configuration Discovery35 det.T1018Remote System Discovery46 det.T1027Obfuscated Files or Information525 det.T1027.003Steganography5 det.T1033System Owner/User Discovery59 det.T1036.005Match Legitimate Resource Name or Location44 det.T1047Windows Management Instrumentation85 det.T1049System Network Connections Discovery21 det.T1053.005Scheduled Task82 det.T1057Process Discovery18 det.T1059.001PowerShell338 det.T1059.005Visual Basic66 det.T1059.006Python43 det.T1059.007JavaScript58 det.T1090Proxy44 det.T1098.004SSH Authorized Keys12 det.T1112Modify Registry197 det.T1140Deobfuscate/Decode Files or Information55 det.T1189Drive-by Compromise10 det.T1190Exploit Public-Facing Application208 det.T1204.001Malicious Link9 det.T1204.002Malicious File397 det.T1210Exploitation of Remote Services33 det.T1218.005Mshta46 det.T1482Domain Trust Discovery38 det.T1543.003Windows Service79 det.T1547.012Print Processors8 det.T1548.002Bypass User Account Control83 det.T1560.001Archive via Utility24 det.T1566.002Spearphishing Link837 det.T1567.002Exfiltration to Cloud Storage27 det.T1574.001DLL106 det.T1583.001Domains61 det.T1583.006Web Services1 det.T1588.001Malware2 det.T1588.002Tool13 det.T1595.002Vulnerability Scanning12 det.T1608.001Upload Malware2 det.