{ "id": "a492aee2-aa09-4a79-8138-822b74fc29bb", "created_at": "2026-04-06T00:18:42.859227Z", "updated_at": "2026-04-10T13:12:42.060707Z", "deleted_at": null, "sha1_hash": "1b31b6e1243dcdeed4847de0e03e0b7a6802772e", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 50689, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 23:09:08 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Dripion\r\n Tool: Dripion\r\nNames\r\nDripion\r\nMasson\r\nCategory Malware\r\nType Backdoor, Info stealer\r\nDescription\r\n(Symantec) Once Dripion is installed, the attacker can access the user’s computer. Dripion has\r\nthe functionally of a back door Trojan, letting attackers upload, download, and steal pre-determined information from the victim, and execute remote commands. Information such as\r\nthe victim’s computer name and IP address are automatically transmitted to the C\u0026C server\r\nupon the initial infection.\r\nInformation\r\n\u003chttps://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=b0649cc1-a60f-4cd7-ba3e-832e218de385\u0026CommunityKey=1ecf5f55-9545-44d6-b0f4-\r\n4e4a7f5f5e68\u0026tab=librarydocuments\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.dripion\u003e\r\nLast change to this tool card: 28 December 2022\r\nDownload this tool card in JSON format\r\nAll groups using tool Dripion\r\nChanged Name Country Observed\r\nAPT groups\r\n  Taidoor 2008-Late 2015  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d4597535-d2c1-49d0-94ee-5cff2d72be8c\r\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d4597535-d2c1-49d0-94ee-5cff2d72be8c\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d4597535-d2c1-49d0-94ee-5cff2d72be8c\r\nPage 2 of 2\n\nAPT groups Taidoor 2008-Late 2015 \n1 group listed (1 APT, 0 other, 0 unknown) \n Page 1 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d4597535-d2c1-49d0-94ee-5cff2d72be8c" ], "report_names": [ "listgroups.cgi?u=d4597535-d2c1-49d0-94ee-5cff2d72be8c" ], "threat_actors": [ { "id": "71b19e59-b5f7-4bc6-816d-194be0f02af0", "created_at": "2022-10-25T16:07:24.301036Z", "updated_at": "2026-04-10T02:00:04.928222Z", "deleted_at": null, "main_name": "Taidoor", "aliases": [ "Budminer", "Earth Aughisky", "G0015" ], "source_name": "ETDA:Taidoor", "tools": [ "Dripion", "Masson", "Taidoor", "simbot" ], "source_id": "ETDA", "reports": null }, { "id": "50bd4a6c-7542-4bdd-8b37-ab468fc428ef", "created_at": "2023-01-06T13:46:38.998658Z", "updated_at": "2026-04-10T02:00:03.176186Z", "deleted_at": null, "main_name": "Taidoor", "aliases": [ "G0015", "Earth Aughisky" ], "source_name": "MISPGALAXY:Taidoor", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "478e9b27-39b9-49e4-a3c5-81569a767275", "created_at": "2022-10-25T15:50:23.417339Z", "updated_at": "2026-04-10T02:00:05.41593Z", "deleted_at": null, "main_name": "Taidoor", "aliases": [ "Taidoor" ], "source_name": "MITRE:Taidoor", "tools": null, "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434722, "ts_updated_at": 1775826762, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/1b31b6e1243dcdeed4847de0e03e0b7a6802772e.pdf", "text": "https://archive.orkl.eu/1b31b6e1243dcdeed4847de0e03e0b7a6802772e.txt", "img": "https://archive.orkl.eu/1b31b6e1243dcdeed4847de0e03e0b7a6802772e.jpg" } }