Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1)

Earth Lusca is a threat actor from China that targets organizations of interest to the Chinese government, including academic institutions, telecommunication companies, religious organizations, and other civil society groups. Earth Lusca's tools closely resemble those used by Winnti Umbrella, but the group appears to operate separately from Winnti. Earth Lusca has also been observed targeting cryptocurrency payment platforms and cryptocurrency exchanges in what are likely financially motivated attacks.

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| Charcoal Typhoon (3f8b7c98-7484-523f-9d58-181274e6fc8f) | Microsoft Activity Group actor | Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | 1 |
| Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | BIOPASS (74c3ad69-1b71-4c26-a542-b25318e8d27c) | RAT | 1 |
| FishMedley (f0e7f369-a67d-4361-9710-9987bb306e92) | Threat Actor | Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | 1 |
| Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | Spyder (f6b1560d-ec3d-498a-aec0-6e27e9ff5d42) | Tool | 1 |
| FunnySwitch (144f9fa1-f625-47ec-afde-bf8cedf6e949) | Tool | Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | 1 |
| SprySOCKS (a7794449-0c91-4362-835a-fa39be515e20) | Tool | Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | 1 |
| Cobalt Strike (ca44dd5e-fd9e-48b5-99cb-0b2629b9265f) | RAT | Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | 1 |
| ShadowPad (2448a4e1-46e3-4c42-9fd1-f51f8ede58c1) | Tool | Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | 1 |
| Earth Lusca (39150b30-61af-4d9c-9682-1595e145f3c1) | Threat Actor | I-Soon (3b5a049a-aa88-4550-89b6-aae31e312a8c) | Surveillance Vendor | 1 |
| Cobalt Strike (ca44dd5e-fd9e-48b5-99cb-0b2629b9265f) | RAT | Cobalt Strike (1a1d3ea4-972e-4c48-8d85-08d9db8f1550) | Malpedia | 2 |
| Cobalt Strike (ca44dd5e-fd9e-48b5-99cb-0b2629b9265f) | RAT | Private Cluster (aafea02e-ece5-4bb2-91a6-3bf8c7f38a39) | Unknown | 2 |
| Cobalt Strike (ca44dd5e-fd9e-48b5-99cb-0b2629b9265f) | RAT | Private Cluster (3da22160-12d9-4d27-a99f-338e8de3844a) | Unknown | 2 |
| ShadowPad (2448a4e1-46e3-4c42-9fd1-f51f8ede58c1) | Tool | ShadowPad (e089e945-a523-4d11-a135-396f9b6c1dc7) | Malpedia | 2 |