{
	"id": "e8038b34-4b69-4752-810d-7dcac45ca515",
	"created_at": "2026-04-06T00:21:20.449511Z",
	"updated_at": "2026-04-10T03:32:24.905784Z",
	"deleted_at": null,
	"sha1_hash": "710293cc207da4eb0770e6bb3fc70e61369168d5",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50790,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 20:35:59 UTC\r\n APT group: Earth Alux\r\nNames Earth Alux (Trend Micro)\r\nCountry China\r\nMotivation Information theft and espionage\r\nFirst seen 2023\r\nDescription\r\n(Trend Micro) The Earth Alux APT group’s schemes and tactics have been uncloaked through\r\nour relentless monitoring and investigation efforts. The China-linked intrusion set is actively\r\nlaunching cyberespionage attacks against the government, technology, logistics,\r\nmanufacturing, telecommunications, IT services, and retail sectors.\r\nThe first sighting of its activity was in the second quarter of 2023; back then, it was\r\npredominantly observed in the APAC region. Around the middle of 2024, it was also spotted in\r\nLatin America.\r\nEarth Alux has also been observed to conduct regular tests for some of its toolsets to ensure\r\nstealth and longevity in the target environment.\r\nObserved\r\nSectors: Government, IT, Manufacturing, Retail, Shipping and Logistics, Technology,\r\nTelecommunications.\r\nCountries: Brazil, Malaysia, Philippines, Taiwan, Thailand.\r\nTools used\r\nCobalt Strike, Godzilla, MASQLOADER, RAILLOAD, RAILSETTER, RSBINJECT,\r\nVARGEIT.\r\nInformation \u003chttps://www.trendmicro.com/en_us/research/25/c/the-espionage-toolkit-of-earth-alux.html\u003e\r\nLast change to this card: 21 April 2025\r\nDownload this actor card in PDF or JSON format\r\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=a56a0330-c9ef-4365-8279-fe082dfc20e3\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=a56a0330-c9ef-4365-8279-fe082dfc20e3\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=a56a0330-c9ef-4365-8279-fe082dfc20e3"
	],
	"report_names": [
		"showcard.cgi?u=a56a0330-c9ef-4365-8279-fe082dfc20e3"
	],
	"threat_actors": [
		{
			"id": "2f964894-0020-457e-b4e7-65a8c8fe740c",
			"created_at": "2025-05-29T02:00:03.202897Z",
			"updated_at": "2026-04-10T02:00:03.858601Z",
			"deleted_at": null,
			"main_name": "Earth Alux",
			"aliases": [],
			"source_name": "MISPGALAXY:Earth Alux",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "fdcb30ba-5fef-4ae2-97bd-f8200f4bd2e5",
			"created_at": "2025-04-22T02:01:52.35523Z",
			"updated_at": "2026-04-10T02:00:04.658231Z",
			"deleted_at": null,
			"main_name": "Earth Alux",
			"aliases": [],
			"source_name": "ETDA:Earth Alux",
			"tools": [
				"Agentemis",
				"Cobalt Strike",
				"CobaltStrike",
				"Godzilla",
				"Godzilla Loader",
				"MASQLOADER",
				"RAILLOAD",
				"RAILSETTER",
				"RSBINJECT",
				"VARGEIT",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434880,
	"ts_updated_at": 1775791944,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/710293cc207da4eb0770e6bb3fc70e61369168d5.pdf",
		"text": "https://archive.orkl.eu/710293cc207da4eb0770e6bb3fc70e61369168d5.txt",
		"img": "https://archive.orkl.eu/710293cc207da4eb0770e6bb3fc70e61369168d5.jpg"
	}
}