{"id":59995,"date":"2026-01-13T00:00:00","date_gmt":"2026-01-13T00:00:00","guid":{"rendered":"urn:uuid:e989da45-5d8e-3c50-de58-2180649db40d"},"modified":"2026-01-13T00:00:00","modified_gmt":"2026-01-13T00:00:00","slug":"key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trendai-vision-one","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/key-insights-on-shadow-aether-015-and-earth-preta-from-the-2025-mitre-attck-evaluation-with-trendai-vision-one\/","title":{"rendered":"Key Insights on SHADOW-AETHER-015 and Earth Preta from the 2025 MITRE ATT&amp;CK Evaluation with TrendAI Vision One\u2122"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/trendmicro.scene7.com\/is\/image\/trendmicro\/shadow-aether-earth-preta_thumb:Large?qlt=80\"><\/p>\n<div><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/thumbnails\/26\/shadow-aether-earth-preta_thumb.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p><b>Key takeaways:<\/b><\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">The MITRE ATT&amp;CK Evaluation Round 7 (ER7 2025) validates the progress made by TrendAI Vision One\u2122 toward a unified security operations platform. 
This blog further discusses the results of TrendAI\u2122 in ER7.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Scenario 1 (Demeter), an emulation inspired by SHADOW-AETHER-015, shows the complexity of modern cloud attacks, where adversaries can pivot from compromised endpoints to cloud infrastructure, leveraging stolen credentials and tokens to establish persistence, move laterally across hybrid environments, and exfiltrate sensitive data at scale.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Meanwhile, scenario 2 (Hermes), the emulation inspired by Earth Preta, highlights the sophistication of phishing-based attacks, emphasizing the use of advanced loaders, anti-analysis techniques, lateral movement, credential harvesting, and data exfiltration, followed by meticulous cleanup to reduce forensic traces and hinder detection.<\/span><\/li>\n<li><span class=\"rte-red-bullet\">TrendAI\u2019s results in the MITRE ATT&amp;CK ER7 align strongly with the current need for platforms to automatically correlate telemetry into meaningful alerts across hybrid environments. TrendAI Vision One detects and blocks the IoCs related to the threat actors mentioned in this blog.
TrendAI customers can also access tailored hunting queries, threat insights, and intelligence reports to better understand and proactively defend against these threat actor groups.<\/span><\/li>\n<\/ul>\n<p>This blog examines notable modern techniques, tactics, and procedures (TTPs) that TrendAI\u2122 Research has observed in the two emulations during the MITRE ATT&amp;CK Evaluation Round 7 (ER7 2025) that featured <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/25\/b\/earth-preta-mixes-legitimate-and-malicious-components-to-sidestep-detection.html\">Earth Preta<\/a> (also known as Mustang Panda), and SHADOW-AETHER-015 (TrendAI Research\u2019s intrusion name for a particular group of activities with modern TTPs characterized by AI-generated attacks, sophisticated phishing attacks, and\/or social engineering). These observed, analyzed, and reported TTPs support the performance of TrendAI Vision One\u2122 in ER7, reinforcing the position of TrendAI\u2122 as a trusted leader in detection and response innovation.<\/p>\n<p>The ER7 marked a significant evolution in MITRE\u2019s approach: it now includes both on-premises and cloud-based attacks, as well as the Reconnaissance tactic. This not only simulates the hybrid environments that real SOC teams defend today but also highlights the necessity for SOC teams to rely on effective enterprise tools. TrendAI Vision One\u2019s results in ER7 reinforce TrendAI&#8217;s position as a trusted leader in detection and response innovation.
Enterprises can rely on the platform for up-to-date and up-to-standard analytic coverage across all major attack steps, protection across all evaluated attack opportunities, and cloud layer coverage, including both detection and protection.<\/p>\n<p><span class=\"body-subhead-title\">MITRE scenario 1 (Demeter)\u202f<\/span><\/p>\n<p>In this emulation, cloud (AWS) scenarios highlighted how attackers can pivot from an endpoint into the cloud. The intrusion begins by phishing an unmanaged workstation using an adversary-in-the-middle SSO kit to steal high-privilege credentials and MFA tokens. This enables RDP access, internal discovery, Active Directory enumeration, and reconnaissance of shared network resources.\u202f<\/p>\n<p>The attacker then pivots to AWS, enumerating IAM, S3, VPCs, and costs while evading\u202fdefenses, and establishing\u202fpersistence through a new admin IAM user and a privileged EC2 instance. This allows them to harvest secrets and tokens, moving laterally across Linux and Windows systems using\u202ftunnelling\u202fand RMM tools.
The attack concludes with large-scale data collection and exfiltration, syncing application and file-share data from internal systems to attacker-controlled S3 buckets.\u202f<\/p>\n<p>This section provides a high-level summary of how Scenario\u202f1\u202f(Demeter) unfolds, highlighting the core execution flow, infrastructure interactions, and progression of the attack chain from\u202finitial\u202faccess through cleanup.\u202f<\/p>\n<p>For a detailed, step-by-step breakdown of the scenario that includes emulation context, tooling, and attack\u202fobjectives, refer to\u202f<a href=\"https:\/\/attackevals.github.io\/ael\/enterprise\/scattered_spider\/cti_emulation_resources\/scattered_spider_scenario_overview\/\">MITRE\u2019s official CTI emulation documentation<\/a>.<\/p>\n<p><span class=\"body-subhead-title\">More information that enterprises should know about SHADOW-AETHER-015<\/span><\/p>\n<p>Scenario 1 is inspired by observed TTPs from SHADOW-AETHER-015, a highly adaptable and aggressive cybercriminal group known for fluent English-language social engineering, particularly vishing and help-desk impersonation, which allows operators to blend effectively into corporate support environments.<\/p>\n<p>Their activity is characterized by identity abuse and cloud compromise. The group is also known to use multi-pressure extortion: high-value data theft, leak threats, ransomware, cloud\/VMware disruption, and employee intimidation. SHADOW-AETHER-015 primarily\u202ftargets\u202fidentity and access management systems such as Okta and Azure AD\/Entra ID, abusing social engineering, MFA fatigue, token theft, and adversary-in-the-middle phishing to bypass authentication controls.
After gaining identity access, the threat actors\u202fleverage\u202flegitimate credentials with IAM misuse and configuration abuse to move laterally across SaaS and cloud environments, including AWS, Azure, and Google Workspace.<\/p>\n<p>Activities linked to the group initially focused on SIM-swapping and telecommunications fraud, but have since evolved to target cloud, <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/unc3944-targets-saas-applications\">SaaS<\/a>, and enterprise environments for data theft and, in some cases, ransomware deployment. The group diversifies monetization through cryptocurrency theft, account-takeover resale, long-term cloud persistence, partnerships with multiple RaaS groups, and selling large customer datasets.<\/p>\n<p>SHADOW-AETHER-015 is a <a href=\"https:\/\/cloud.google.com\/blog\/topics\/threat-intelligence\/unc3944-proactive-hardening-recommendations\">group<\/a> focused on high-value, high-leverage intrusions, and has been observed to consistently pursue enterprises with massive data, complex IT operations, and low tolerance for downtime. Their list of victims suggests that the group prioritizes sectors rich in credit-card data, travel records,\u202fhealthcare\u202fand loyalty information.<\/p>\n<p>The group\u2019s operations have affected telecommunications and business process outsourcing (BPO) providers.
The group has also compromised tech SaaS and identity platforms to obtain privileged access into enterprise environments, alongside notable intrusions in hospitality and gaming organizations.\u202fAdditional\u202ftargets include finance and insurance firms, aviation and travel operators, and managed service provider (MSP) and IT companies.<\/p>\n<p>SHADOW-AETHER-015 has been observed to be most active in English-speaking countries such as the US, UK, Canada, and Australia, with additional victim presence in India, Singapore, Thailand, and Brazil.<\/p>\n<p>The earliest structured campaigns linked to the group occurred from March to July 2022\u202funder the \u201c0ktapus\u201d phishing campaign, but it should be noted that some SIM-swapping activity that could be potentially linked to early SHADOW-AETHER-015 operators predates this.\u202f<\/p>\n<p>The group\u2019s <a href=\"https:\/\/www.quorumcyber.com\/threat-actors\/scattered-spider-threat-actor-profile\/\">progression<\/a> shows rapid <a href=\"https:\/\/www.sans.org\/blog\/defending-against-scattered-spider-and-the-com-with-cybercrime-intelligence\/\">improvement<\/a> in both technical sophistication and operational ambition as shown in figure 1.<\/p>\n<p> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/26\/a\/shadow-aether-015-earth-preta-mitre.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This blog discusses notable modern TTPs observed from SHADOW-AETHER-015 and Earth Preta, from TrendAI Research\u2122 monitoring and TrendAI Vision One\u2122 intelligence. These findings support the performance of TrendAI\u2122 in the 2025 MITRE ATT&#038;CK Evaluations.
Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":59996,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9546,9510,9511,9509],"class_list":["post-59995","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-apttargeted-attacks","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-cyber-threats","tag-trend-micro-research-research"],"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/59995","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=59995"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/59995\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/59996"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=59995"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=59995"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=59995"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}