Intel Name: Earth preta evolves its attacks with new malware and strategies
Date of Scan: September 10, 2024
Impact: High
Summary: Earth Preta has enhanced its attacks by using a variant of the HIUPAN worm to spread PUBLOAD. It has also deployed tools like FDMTP and PTSOCKET to expand its control and data exfiltration abilities. Additionally, spear-phishing emails with multi-stage downloaders such as DOWNBAIT and PULLBAIT have facilitated further malware installations. These attacks are highly targeted and time-sensitive, focusing on specific countries and sectors within the APAC region for swift deployment and data extraction.