Earth Berberoka

aka: GamblingPuppet

According to Trend Micro, Earth Berberoka is a threat group originating from China that mainly focuses on targeting gambling websites. The group's campaign uses multiple malware families, previously attributed to Chinese-speaking actors, that target the Windows, Linux, and macOS platforms. Besides upgraded versions of tried-and-tested malware families such as PlugX and Gh0st RAT, Earth Berberoka has also developed a brand-new, complex, multistage malware family, which has been dubbed PuppetLoader.


Associated Families
elf.rshell win.hellobot

References
2022-10-17 - Kaspersky - Georgy Kucherin, Kurt Baumgartner
DiceyF deploys GamePlayerFramework in online casino development studio
GamePlayerFramework DiceyF Earth Berberoka

2022-08-12 - Trend Micro - Daniel Lunghi, Jaromír Hořejší
Iron Tiger Compromises Chat Application Mimi, Targets Windows, Mac, and Linux Users
Rshell HyperBro Earth Berberoka

2022-05-23 - Trend Micro - Daniel Lunghi, Jaromír Hořejší
Operation Earth Berberoka
reptile oRAT Ghost RAT PlugX pupy Earth Berberoka

2022-05-07 - YouTube (botconf eu) - Daniel Lunghi, Jaromír Hořejší
Operation Gamblingpuppet: Analysis Of A Multiplatform Campaign Targeting Online Gambling Customers
Earth Berberoka

2022-04-27 - Trendmicro - Trendmicro
IOCs for Earth Berberoka - MacOS
oRAT Earth Berberoka

2022-04-27 - Trendmicro - Trendmicro
IOCs for Earth Berberoka - Windows
AsyncRAT Cobalt Strike PlugX Quasar RAT Earth Berberoka

2022-04-27 - Trendmicro - Trendmicro
IOCs for Earth Berberoka
Earth Berberoka

2022-04-27 - Trend Micro - Daniel Lunghi, Jaromír Hořejší
New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware
HelloBot AsyncRAT Ghost RAT HelloBot PlugX Quasar RAT Earth Berberoka

2022-04-27 - Trendmicro - Trendmicro
IOCs for Earth Berberoka - Linux
Rekoobe pupy Earth Berberoka

2022-04-27 - Trendmicro - Daniel Lunghi, Jaromír Hořejší
Operation Gambling Puppet
reptile oRAT AsyncRAT Cobalt Strike DCRat Ghost RAT PlugX Quasar RAT Trochilus RAT Earth Berberoka

Credits: MISP Project