LuminousMoth
Aliases: None listed
LuminousMoth is a Chinese-speaking cyber espionage group that has been active since at least October 2020. LuminousMoth has targeted high-profile organizations, including government entities, in Myanmar, the Philippines, Thailand, and other parts of Southeast Asia. Some security researchers have concluded there is a connection between LuminousMoth and Mustang Panda based on similar targeting and TTPs, as well as network infrastructure overlaps.
ATT&CK techniques
T1539 Steal Web Session Cookie
T1567.002 Exfiltration to Cloud Storage
T1566.002 Spearphishing Link
T1588.001 Malware
T1030 Data Transfer Size Limits
T1564.001 Hidden Files and Directories
T1608.001 Upload Malware
T1091 Replication Through Removable Media
T1041 Exfiltration Over C2 Channel
T1608.004 Drive-by Target
T1608.005 Link Target
T1587.001 Malware
T1071.001 Web Protocols
T1105 Ingress Tool Transfer
T1557.002 ARP Cache Poisoning
T1588.002 Tool
T1005 Data from Local System
T1204.001 Malicious Link
T1574.002 DLL Side-Loading
T1547.001 Registry Run Keys / Startup Folder
T1083 File and Directory Discovery
T1033 System Owner/User Discovery
T1560 Archive Collected Data
T1036.005 Match Legitimate Name or Location
T1112 Modify Registry
T1053.005 Scheduled Task
T1588.004 Digital Certificates
T1553.002 Code Signing