{"id":46386,"date":"2022-04-27T00:00:00","date_gmt":"2022-04-27T00:00:00","guid":{"rendered":"urn:uuid:1d02e096-5bfc-96b8-9266-98c2c43944bc"},"modified":"2022-04-27T00:00:00","modified_gmt":"2022-04-27T00:00:00","slug":"new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/","title":{"rendered":"New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/d\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/Earth%20Berberoka%20Targets%20Gambling%20Websites_641.jpg\"><\/p>\n<p>We dubbed these downloaders PuppetDownloaders since they are connected to the PuppetLoader malware family, as evidenced by our observations:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">This malware and PuppetLoader both use the same string decryption routine that uses the same key.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">This malware and PuppetLoader both use the same XOR key (2726c6aea9970bb95211304705b5f595) that is used to decrypt the embedded Loader.dll file.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">This malware and PuppetLoader\u2019s decrypted Loader.dlls share similar strings such as \u201c[-] UnExist pwszModuleFunName:\u201d. 
This suggests that a common framework was used to compile both DLLs.<\/span><\/li>\n<\/ul>\n<p><b>MFC socket downloaders<\/b><\/p>\n<p>We also saw WinRAR self-extracting (SFX) files dropping downloaders written using the Microsoft Foundation Class Library (MFC) framework. These MFC socket downloaders have an identical structure: One function creates a socket, connects to a domain or IP address, sends a short string, and then calls \u201crecv\u201d twice.<\/p>\n<p>The code flow is redirected through a call to EnumDesktopsA or EnumWindows, whose callback function pointers point to the downloaded content.<\/p>\n<p>The downloaders attempt to access ports 8080, 29527, and 8885. They also send the strings \u201cfeiji\u201d, \u201c@5436\u201d, and \u201cfhfgj@jfggdsg\u201d to the sockets. We found multiple samples of the same malware family that have the same structure and send the same strings. However, it is possible that multiple groups might be covertly sharing the source code for this malware.<\/p>\n<p><b>PlugX<\/b><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/12\/i\/unplugging-plugx-capabilities.html\">PlugX<\/a> is a remote access tool (RAT) that has been used as a malicious tool for espionage for more than a decade. We found that Earth Berberoka uses PlugX to target 32-bit and 64-bit architectures based on the samples we obtained and analyzed.<\/p>\n<p>This malware family has been upgraded to send a DWORD, a 32-bit unsigned integer, in the HELLO packet. 
A compromised system then sends the HELLO packet, whose DWORD looks like a date in the yyyymmdd format, to the C&amp;C server.<\/p>\n<p>We found the following DWORDs in multiple samples we analyzed, which suggest that the versions we found were developed within the last two years: 20190520, 20201106, and 20210804.<\/p>\n<p>All of the samples we found are loaded in the same way: A legitimate and signed file that is vulnerable to DLL sideloading is placed alongside a malicious DLL, which decrypts and loads a third file containing the final payload.<\/p>\n<p>One of these malicious DLL files has the PDB path C:\\Users\\Administrator\\Desktop\\Plug7.0(Logger)\\logexts\\x64\\Release\\logexts.pdb.<\/p>\n<p><b>Gh0st RAT<\/b><\/p>\n<p>We also saw at least three different variants of <a href=\"https:\/\/attack.mitre.org\/software\/S0032\/\">Gh0st RAT<\/a>, another malware family that has been in the wild for <a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/ghostrat\">more than 10 years<\/a>, being used in Earth Berberoka\u2019s campaign. This malware family\u2019s source code is public, which is why it has many variants.<\/p>\n<p>One of the variants we analyzed had an interesting destructive feature: It replaces the master boot record (MBR) to display an explicit message (\u201cI am virus ! F*ck you :-)\u201d). This particular message was also seen in a <a href=\"https:\/\/d.thaihosttalk.com\/t\/i-am-virus-fuck-you\/34081\">public report<\/a> from a victim of this Gh0st RAT variant. 
A 2017 Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) <a href=\"https:\/\/www.cisa.gov\/uscert\/sites\/default\/files\/documents\/Destructive_Malware_White_Paper_S508C.pdf\">report<\/a> also discussed how Gh0st RAT variants wiped the MBR and replaced it with messages that varied across different samples.<\/p>\n<p><b>Other Known Malware Families<\/b><\/p>\n<p>We also found other legitimate tools being abused by Earth Berberoka and a malware family being used by the group in its campaign:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/analysis-reports\/AR18-352A\">Quasar RAT<\/a> \u2013 a Windows-based open-source RAT that has been used by APT groups for network exploitation<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/malpedia.caad.fkie.fraunhofer.de\/details\/win.asyncrat\">AsyncRAT<\/a> \u2013 an open-source RAT that can be used to remotely monitor and control devices via an encrypted connection<\/span><\/li>\n<li><span class=\"rte-red-bullet\"><a href=\"https:\/\/securityaffairs.co\/wordpress\/43889\/cyber-crime\/new-rat-trochilus.html\">Trochilus<\/a> \u2013 a stealthy RAT that can evade sandbox analysis and can be used in cyberespionage campaigns<\/span><\/li>\n<\/ul>\n<p><span class=\"body-subhead-title\">Security recommendations<\/span><\/p>\n<p>Our analysis points to Earth Berberoka\u2019s having multiple tools and a large infrastructure at its disposal to target the gambling market. 
To avoid falling victim to Earth Berberoka\u2019s attacks, users and operators of gambling websites can adopt the following security recommendations:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Properly vet emails, websites, and apps before clicking on links or downloading apps.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Download apps only from trusted sources.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Watch out for malicious website flags, such as errors in grammar and spelling.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Block threats that arrive via email, such as malicious links, through hosted email security and antispam protection.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Use a multilayered security solution that helps with detecting, scanning, and blocking malicious URLs.<\/span><\/li>\n<\/ul>\n<p>The full technical details of our investigation can be found in our research paper, which we will publish soon. We list the indicators of compromise (IOCs) for <a href=\"https:\/\/documents.trendmicro.com\/assets\/txt\/earth-berberoka-windows-iocs.txt\" target=\"_blank\" rel=\"noopener\">Windows<\/a>, <a href=\"https:\/\/documents.trendmicro.com\/assets\/txt\/earth-berberoka-linux-iocs.txt\" target=\"_blank\" rel=\"noopener\">Linux<\/a>, and <a href=\"https:\/\/documents.trendmicro.com\/assets\/txt\/earth-berberoka-macos-iocs.txt\" target=\"_blank\" rel=\"noopener\">macOS<\/a> in separate text files.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/d\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>We recently found a new advanced persistent threat (APT) group that we have dubbed Earth Berberoka (aka GamblingPuppet). This APT group targets gambling websites on Windows, macOS, and Linux platforms using old and new malware families. 
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":46387,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9546,9510,9508,9509],"class_list":["post-46386","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-apttargeted-attacks","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-endpoints","tag-trend-micro-research-research"],"yoast_head_json":{"title":"New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/","og_locale":"en_US","og_type":"article","og_title":"New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-04-27T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/d\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/Earth%20Berberoka%20Targets%20Gambling%20Websites_641.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware","datePublished":"2022-04-27T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/"},"wordCount":751,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/04\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware.jpg","keywords":["Trend Micro Research : APT&amp;Targeted Attacks","Trend 
Micro Research : Articles, News, Reports","Trend Micro Research : Endpoints","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/","url":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/","name":"New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/04\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware.jpg","datePublished":"2022-04-27T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/04\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/04\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware.jpg","width":641,"height":350},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/new-apt-group-earth-berberoka-targets-gambling-websites-with-old-and-new-malware\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : APT&amp;Targeted Attacks","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-apttargeted-attacks\/"},{"@type":"ListItem","position":3,"name":"New APT Group Earth Berberoka Targets Gambling Websites With Old and New Malware"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal 
\u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH 
Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46386","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=46386"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46386\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/46387"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=46386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=46386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=46386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}