Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1)

Earth Lusca is a threat actor from China that targets organizations of interest to the Chinese government, including academic institutions, telecommunication companies, religious organizations, and other civil society groups. Earth Lusca's tools closely resemble those used by Winnti Umbrella, but the group appears to operate separately from Winnti. Earth Lusca has also been observed targeting cryptocurrency payment platforms and cryptocurrency exchanges in what are likely financially motivated attacks.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| Charcoal Typhoon (3f8b7c98-7484-523f-9d58-181274e6fc8f) | Microsoft Activity Group actor | Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | 1 |
| Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | Spyder (f6b1560d-ec3d-498a-aec0-6e27e9ff5d42) | Tool | 1 |
| Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | I-Soon (3b5a049a-aa88-4550-89b6-aae31e312a8c) | Surveillance Vendor | 1 |
| Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | BIOPASS (74c3ad69-1b71-4c26-a542-b25318e8d27c) | RAT | 1 |
| FunnySwitch (144f9fa1-f625-47ec-afde-bf8cedf6e949) | Tool | Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | 1 |
| Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | SprySOCKS (a7794449-0c91-4362-835a-fa39be515e20) | Tool | 1 |
| Cobalt Strike (ca44dd5e-fd9e-48b5-99cb-0b2629b9265f) | RAT | Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | 1 |
| Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | ShadowPad (2448a4e1-46e3-4c42-9fd1-f51f8ede58c1) | Tool | 1 |
| Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | FishMedley (f0e7f369-a67d-4361-9710-9987bb306e92) | Threat Actor | 1 |
| Cobalt Strike (1a1d3ea4-972e-4c48-8d85-08d9db8f1550) | Malpedia | Cobalt Strike (ca44dd5e-fd9e-48b5-99cb-0b2629b9265f) | RAT | 2 |
| Cobalt Strike (ca44dd5e-fd9e-48b5-99cb-0b2629b9265f) | RAT | Private Cluster (aafea02e-ece5-4bb2-91a6-3bf8c7f38a39) | Unknown | 2 |
| Cobalt Strike (ca44dd5e-fd9e-48b5-99cb-0b2629b9265f) | RAT | Private Cluster (3da22160-12d9-4d27-a99f-338e8de3844a) | Unknown | 2 |
| ShadowPad (e089e945-a523-4d11-a135-396f9b6c1dc7) | Malpedia | ShadowPad (2448a4e1-46e3-4c42-9fd1-f51f8ede58c1) | Tool | 2 |