{"id":59987,"date":"2026-01-13T00:00:00","date_gmt":"2026-01-13T00:00:00","guid":{"rendered":"urn:uuid:00ad9ec6-8cbb-b008-8c0f-cb920ec0ad4e"},"modified":"2026-01-13T00:00:00","modified_gmt":"2026-01-13T00:00:00","slug":"key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\/","title":{"rendered":"Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&amp;CK Evaluation with Trend Vision One\u2122"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/shadow-aether-earth-preta_thumb:Large?qlt=80\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/26\/shadow-aether-earth-preta_thumb.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p><b>Key takeaways:<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">The MITRE ATT&amp;CK Evaluation Round 7 (ER7 2025) validates the progress made by Trend Vision One\u2122 toward a unified security operations platform. This blog further discusses the results of TrendAI\u2122 in ER7.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Scenario 1 (Demeter), an emulation inspired by SHADOW-AETHER-015, shows the complexity of modern cloud attacks, where adversaries can pivot from compromised endpoints to cloud infrastructure, leveraging stolen credentials and tokens to establish persistence, move laterally across hybrid environments, and exfiltrate sensitive data at scale.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Meanwhile, scenario 2 (Hermes), the emulation inspired by Earth Preta, highlights the sophistication of phishing-based 
attacks, emphasizing the use of advanced loaders, anti-analysis techniques, lateral movement, credential harvesting, and data exfiltration, followed by meticulous cleanup to reduce forensic traces and hinder detection.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">TrendAI\u2019s results in the MITRE ATT&amp;CK ER7 align strongly with the current need for platforms to automatically correlate telemetry into meaningful alerts across hybrid environments. Trend Vision One\u2122 detects and blocks the IoCs related to the threat actors mentioned in this blog. TrendAI customers can also access tailored hunting queries, threat insights, and intelligence reports to better understand and proactively defend against these threat actor groups.<\/span><\/li>\n<\/ul>\n<p>This blog examines notable modern techniques, tactics, and procedures (TTPs) that Trend Research\u2122 has observed in the two emulations during the MITRE ATT&amp;CK Evaluation Round 7 (ER7 2025), which featured <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/25\/b\/earth-preta-mixes-legitimate-and-malicious-components-to-sidestep-detection.html\">Earth Preta<\/a> (also known as Mustang Panda) and SHADOW-AETHER-015 (Trend Research\u2019s intrusion name for a particular group of activities with modern TTPs characterized by AI-generated attacks, sophisticated phishing attacks, and\/or social engineering). These observed, analyzed, and reported TTPs support the performance of Trend Vision One\u2122 in ER7, reinforcing the position of TrendAI\u2122 as a trusted leader in detection and response innovation.<\/p>\n<p>ER7 marked a significant evolution in MITRE\u2019s approach: it now includes both on-premises and cloud-based attacks, as well as the Reconnaissance tactic. 
This not only simulates the hybrid environments that real SOC teams defend today but also highlights the necessity for SOC teams to rely on effective enterprise tools. Trend Vision One\u2019s results in ER7 reinforce TrendAI&#8217;s position as a trusted leader in detection and response innovation. Enterprises can rely on the platform for up-to-date, up-to-standard analytic coverage across all major attack steps, protection across all evaluated attack opportunities, and cloud layer coverage, including both detection and protection.<\/p>\n<p><span class=\"body-subhead-title\">MITRE scenario 1 (Demeter)<\/span><\/p>\n<p>In this emulation, cloud (AWS) scenarios highlighted how attackers can pivot from an endpoint into the cloud. The intrusion begins by phishing an unmanaged workstation using an adversary-in-the-middle SSO kit to steal high-privilege credentials and MFA tokens. This enables RDP access, internal discovery, Active Directory enumeration, and reconnaissance of shared network resources.<\/p>\n<p>The attacker then pivots to AWS, enumerating IAM, S3, VPCs, and costs while evading defenses, and establishes persistence through a new admin IAM user and a privileged EC2 instance. 
This allows them to harvest secrets and tokens, moving laterally across Linux and Windows systems using tunnelling and RMM tools.<\/p>\n<p>The attack concludes with large-scale data collection and exfiltration, syncing application and file-share data from internal systems to attacker-controlled S3 buckets.<\/p>\n<p>This section provides a high-level summary of how Scenario 1 (Demeter) unfolds, highlighting the core execution flow, infrastructure interactions, and progression of the attack chain from initial access through cleanup.<\/p>\n<p>For a detailed, step-by-step breakdown of the scenario that includes emulation context, tooling, and attack objectives, refer to <a href=\"https:\/\/attackevals.github.io\/ael\/enterprise\/scattered_spider\/cti_emulation_resources\/scattered_spider_scenario_overview\/\">MITRE\u2019s official CTI emulation documentation<\/a>.<\/p>\n<p><span class=\"body-subhead-title\">More information that enterprises should know about SHADOW-AETHER-015<\/span><\/p>\n<p>Scenario 1 is inspired by observed TTPs from SHADOW-AETHER-015, a highly adaptable and aggressive cybercriminal group known for fluent English-language social engineering, particularly vishing and help-desk impersonation, which allows operators to blend effectively into corporate support environments.<\/p>\n<p>Their activity is characterized by identity abuse and cloud compromise. The group is also known to use multi-pressure extortion: high-value data theft, leak threats, ransomware, cloud\/VMware disruption, and employee intimidation. SHADOW-AETHER-015 primarily targets identity and access management systems such as Okta and Azure AD\/Entra ID, abusing social engineering, MFA fatigue, token theft, and adversary-in-the-middle phishing to bypass authentication controls. 
After gaining identity access, the threat actors leverage legitimate credentials with IAM misuse and configuration abuse to move laterally across SaaS and cloud environments, including AWS, Azure, and Google Workspace.<\/p>\n<p>Activities linked to the group initially focused on SIM-swapping and telecommunications fraud, but have since evolved to target cloud, <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/unc3944-targets-saas-applications\">SaaS<\/a>, and enterprise environments for data theft and, in some cases, ransomware deployment. The group diversifies monetization through cryptocurrency theft, account-takeover resale, long-term cloud persistence, partnerships with multiple RaaS groups, and selling large customer datasets.<\/p>\n<p>SHADOW-AETHER-015 is a <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/unc3944-proactive-hardening-recommendations\">group<\/a> focused on high-value, high-leverage intrusions, and has been observed to consistently pursue enterprises with massive data, complex IT operations, and low tolerance for downtime. 
Their list of victims suggests that the group prioritizes sectors rich in credit-card data, travel records, healthcare and loyalty information.<\/p>\n<p>The group\u2019s operations have affected telecommunications and business process outsourcing (BPO) providers. The group has also compromised tech SaaS and identity platforms to obtain privileged access into enterprise environments, alongside notable intrusions in hospitality and gaming organizations. Additional targets include finance and insurance firms, aviation and travel operators, and managed service provider (MSP) and IT companies.<\/p>\n<p>SHADOW-AETHER-015 has been observed to be most active in English-speaking countries such as the US, UK, Canada, and Australia, with additional victim presence in India, Singapore, Thailand, and Brazil.<\/p>\n<p>The earliest structured campaigns linked to the group occurred from March to July 2022 under the \u201c0ktapus\u201d phishing campaign, but it should be noted that some SIM-swapping activity that could potentially be linked to early SHADOW-AETHER-015 operators predates this.<\/p>\n<p>The group\u2019s <a href=\"https:\/\/www.quorumcyber.com\/threat-actors\/scattered-spider-threat-actor-profile\/\">progression<\/a> shows rapid <a href=\"https:\/\/www.sans.org\/blog\/defending-against-scattered-spider-and-the-com-with-cybercrime-intelligence\/\">improvement<\/a> in both technical sophistication and operational ambition as shown in figure 1.<\/p>\n<p>Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/26\/a\/shadow-aether-015-earth-preta-mitre.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth 
Preta, from Trend Research\u2122 monitoring and Trend Vision One\u2122 intelligence. These findings support the performance of TrendAI\u2122 in the 2025 MITRE ATT&#038;CK Evaluations. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":59988,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9546,9510,9511,9509],"class_list":["post-59987","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-apttargeted-attacks","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&amp;CK Evaluation with Trend Vision One\u2122 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&amp;CK Evaluation with Trend Vision One\u2122 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-13T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/shadow-aether-earth-preta_thumb:Large?qlt=80\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&amp;CK Evaluation with Trend Vision One\u2122\",\"datePublished\":\"2026-01-13T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\\\/\"},\"wordCount\":1137,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one.jpg\",\"keywords\":[\"Trend Micro Research : APT&amp;Targeted Attacks\",\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Cyber Threats\",\"Trend Micro Research : 
Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\\\/\",\"name\":\"Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&amp;CK Evaluation with Trend Vision One\u2122 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one.jpg\",\"datePublished\":\"2026-01-13T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/01\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one.jpg\",\"width\":976,\"height\":533},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trend-vision-one\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : APT&amp;Targeted Attacks\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-apttargeted-attacks\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&amp;CK Evaluation with Trend Vision 
One\u2122\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.o
rg\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/59987","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=59987"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/59987\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/59988"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=59987"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=59987"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=59987"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}