Earth Minotaur - Threat Group Cards: A Threat Actor
Encyclopedia
Archived: 2026-04-05 14:25:36 UTC
Home > List all groups > Earth Minotaur
 APT group: Earth Minotaur
Names Earth Minotaur (Trend Micro)
Country China
Motivation Information theft and espionage
First seen 2019
Description
(Trend Micro) We believe that Earth Minotaur is an intrusion set which hasn’t been publicly
reported. In the first report of MOONSHINE exploit kit in 2019, the threat actor using the
toolkit was named Poison Carp, Evil Eye. While both used the MOONSHINE exploit kit and
had similar targets, we did not find further connections between Earth Minotaur and POISON
CARP. The backdoor DarkNimbus had been developed in 2018 but was not found in any of
POISON CARP’s previous activity. Therefore, we categorized them as two different intrusion
sets.
Observed Sectors: Tibetan and Uyghur activists as well as those who are interested in their causes.
Tools used DarkNimbus, MOONSHINE.
Information <https://www.trendmicro.com/en_us/research/24/l/earth-minotaur.html>
Last change to this card: 27 December 2024
Download this actor card in PDF or JSON format
Source: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=7d5663d5-d239-4bc6-8532-0dfa5aa34363
https://apt.etda.or.th/cgi-bin/showcard.cgi?u=7d5663d5-d239-4bc6-8532-0dfa5aa34363
Page 1 of 1