{
	"id": "e1567ea1-1e0d-4c2f-9170-0dcdc55d6062",
	"created_at": "2026-04-06T00:18:10.541006Z",
	"updated_at": "2026-04-10T03:30:41.774565Z",
	"deleted_at": null,
	"sha1_hash": "03ff8222a640ab0c0f09802c273aa35203cb4e4f",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47419,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 17:05:23 UTC\r\n APT group: Antlion\r\nNames Antlion (?)\r\nCountry China\r\nMotivation Information theft and espionage\r\nFirst seen 2011\r\nDescription\r\n(Symantec) Antlion is believed to have been involved in espionage activities since at least\r\n2011, and this recent activity shows that it is still an actor to be aware of more than 10 years\r\nafter it first appeared.\r\nThe length of time that Antlion was able to spend on victim networks is notable, with the\r\ngroup able to spend several months on victim networks, affording plenty of time to seek out\r\nand exfiltrate potentially sensitive information from infected organizations. The targeting of\r\nTaiwan is perhaps unsurprising given we know Chinese state-backed groups tend to be\r\ninterested in organizations in that region.\r\nObserved\r\nSectors: Financial, Manufacturing.\r\nCountries: Taiwan.\r\nTools used\r\nCheckID, EHAGBPSL, ENCODE MMC, JpgRun, NetSessionEnum, ProcDump, PsExec,\r\nxPack, WinRAR, Living off the Land.\r\nInformation\r\n\u003chttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks\u003e\r\nLast change to this card: 04 February 2022\r\nDownload this actor card in PDF or JSON format\r\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d3d31dfb-086b-437d-92f8-bb116d2177eb\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=d3d31dfb-086b-437d-92f8-bb116d2177eb\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d3d31dfb-086b-437d-92f8-bb116d2177eb"
	],
	"report_names": [
		"showcard.cgi?u=d3d31dfb-086b-437d-92f8-bb116d2177eb"
	],
	"threat_actors": [
		{
			"id": "6360ea44-b90d-435c-b3cd-9724751b8294",
			"created_at": "2023-01-06T13:46:39.304451Z",
			"updated_at": "2026-04-10T02:00:03.281303Z",
			"deleted_at": null,
			"main_name": "Antlion",
			"aliases": [],
			"source_name": "MISPGALAXY:Antlion",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6ad5ab33-9a45-43d3-b0e4-70b7f9d836f8",
			"created_at": "2022-10-25T16:07:23.309518Z",
			"updated_at": "2026-04-10T02:00:04.535597Z",
			"deleted_at": null,
			"main_name": "Antlion",
			"aliases": [],
			"source_name": "ETDA:Antlion",
			"tools": [
				"CheckID",
				"EHAGBPSL",
				"EHAGBPSL Loader",
				"ENCODE MMC",
				"JpgRun",
				"JpgRun Loader",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"NERAPACK",
				"NetSessionEnum",
				"ProcDump",
				"PsExec",
				"WinRAR",
				"xPack"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434690,
	"ts_updated_at": 1775791841,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/03ff8222a640ab0c0f09802c273aa35203cb4e4f.pdf",
		"text": "https://archive.orkl.eu/03ff8222a640ab0c0f09802c273aa35203cb4e4f.txt",
		"img": "https://archive.orkl.eu/03ff8222a640ab0c0f09802c273aa35203cb4e4f.jpg"
	}
}