From b2e9f6c1524da288d7d1aa5cbe47d3f8757cbe2c Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Wed, 20 Mar 2024 10:23:42 -0700
Subject: [PATCH] [threat-actors] Add Earth Kapre

---
 clusters/threat-actor.json | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 39c195c..5cbfc37 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -15351,6 +15351,20 @@
       },
       "uuid": "ffb28c09-16a6-483a-817a-89c89751c9d4",
       "value": "UNC5325"
+    },
+    {
+      "description": "Earth Kapre is an APT group specializing in cyberespionage. They target organizations in various countries through phishing campaigns using malicious attachments to infect machines. Earth Kapre employs techniques like abusing PowerShell, curl, and Program Compatibility Assistant to execute malicious commands and evade detection within targeted networks. The group has been active since at least 2018 and has been linked to multiple incidents involving data theft and espionage.",
+      "meta": {
+        "refs": [
+          "https://www.trendmicro.com/en_us/research/24/c/unveiling-earth-kapre-aka-redcurls-cyberespionage-tactics-with-t.html"
+        ],
+        "synonyms": [
+          "RedCurl",
+          "Red Wolf"
+        ]
+      },
+      "uuid": "d4004926-bf12-4cfe-b141-563c8ffb304a",
+      "value": "Earth Kapre"
     }
   ],
   "version": 304