{
	"id": "8fb0a54e-e93f-4b5c-9947-7c47a29ad637",
	"created_at": "2026-04-06T00:11:11.856814Z",
	"updated_at": "2026-04-10T13:12:26.512418Z",
	"deleted_at": null,
	"sha1_hash": "3d6ae01565e2c0141ab4edddd4fc137d66beec4f",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 63624,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 12:52:53 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Regin\n Tool: Regin\nNames\nRegin\nPrax\nWarriorPride\nCategory Malware\nType Reconnaissance, Backdoor, Info stealer, Tunneling\nDescription\nRegin is a sophisticated malware and hacking toolkit attributed to the United States'\nNational Security Agency (NSA) for government spying operations. It was first publicly\nrevealed by Kaspersky Lab, Symantec, and The Intercept in November 2014. Regin\nmalware targeted victims in a range of industries, including telecom, government, and financial\ninstitutions. It was engineered to be modular, and over time dozens of modules have\nbeen found and attributed to this family. Symantec observed around 100 infections in 10\ndifferent countries across a variety of organisations including private companies,\ngovernment entities, and research institutes.\nInformation\nMITRE ATT\u0026CK Malpedia Last change to this tool card: 23 April 2020\nDownload this tool card in JSON format\nAll groups using tool Regin\nChanged Name Country Observed\nAPT groups\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ccaa85ad-0371-471b-9369-9d6d0c0f1bc6\nPage 1 of 2\n\nEquation Group 2001-Aug 2016\r\n  GCHQ 1919-2010  \r\n2 groups listed (2 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ccaa85ad-0371-471b-9369-9d6d0c0f1bc6\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ccaa85ad-0371-471b-9369-9d6d0c0f1bc6\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ccaa85ad-0371-471b-9369-9d6d0c0f1bc6"
	],
	"report_names": [
		"listgroups.cgi?u=ccaa85ad-0371-471b-9369-9d6d0c0f1bc6"
	],
	"threat_actors": [
		{
			"id": "b740943a-da51-4133-855b-df29822531ea",
			"created_at": "2022-10-25T15:50:23.604126Z",
			"updated_at": "2026-04-10T02:00:05.259593Z",
			"deleted_at": null,
			"main_name": "Equation",
			"aliases": [
				"Equation"
			],
			"source_name": "MITRE:Equation",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "5d2bd376-fcdc-4c6a-bc2c-17ebbb5b81a4",
			"created_at": "2022-10-25T16:07:23.667223Z",
			"updated_at": "2026-04-10T02:00:04.705778Z",
			"deleted_at": null,
			"main_name": "GCHQ",
			"aliases": [
				"Government Communications Headquarters",
				"Operation Socialist"
			],
			"source_name": "ETDA:GCHQ",
			"tools": [
				"Prax",
				"Regin",
				"WarriorPride"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "08623296-52be-4977-8622-50efda44e9cc",
			"created_at": "2023-01-06T13:46:38.549387Z",
			"updated_at": "2026-04-10T02:00:03.020003Z",
			"deleted_at": null,
			"main_name": "Equation Group",
			"aliases": [
				"Tilded Team",
				"EQGRP",
				"G0020"
			],
			"source_name": "MISPGALAXY:Equation Group",
			"tools": [
				"TripleFantasy",
				"GrayFish",
				"EquationLaser",
				"EquationDrug",
				"DoubleFantasy"
			],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2d9fbbd7-e4c3-40e5-b751-27af27c8610b",
			"created_at": "2024-05-01T02:03:08.144214Z",
			"updated_at": "2026-04-10T02:00:03.674763Z",
			"deleted_at": null,
			"main_name": "PLATINUM COLONY",
			"aliases": [
				"Equation Group "
			],
			"source_name": "Secureworks:PLATINUM COLONY",
			"tools": [
				"DoubleFantasy",
				"EquationDrug",
				"EquationLaser",
				"Fanny",
				"GrayFish",
				"TripleFantasy"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "e0fed6e6-a593-4041-80ef-694261825937",
			"created_at": "2022-10-25T16:07:23.593572Z",
			"updated_at": "2026-04-10T02:00:04.680752Z",
			"deleted_at": null,
			"main_name": "Equation Group",
			"aliases": [
				"APT-C-40",
				"G0020",
				"Platinum Colony",
				"Tilded Team"
			],
			"source_name": "ETDA:Equation Group",
			"tools": [
				"Bvp47",
				"DEMENTIAWHEEL",
				"DOUBLEFANTASY",
				"DanderSpritz",
				"DarkPulsar",
				"DoubleFantasy",
				"DoubleFeature",
				"DoublePulsar",
				"Duqu",
				"EQUATIONDRUG",
				"EQUATIONLASER",
				"EQUESTRE",
				"Flamer",
				"GRAYFISH",
				"GROK",
				"OddJob",
				"Plexor",
				"Prax",
				"Regin",
				"Skywiper",
				"TRIPLEFANTASY",
				"Tilded",
				"UNITEDRAKE",
				"WarriorPride",
				"sKyWIper"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434271,
	"ts_updated_at": 1775826746,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3d6ae01565e2c0141ab4edddd4fc137d66beec4f.pdf",
		"text": "https://archive.orkl.eu/3d6ae01565e2c0141ab4edddd4fc137d66beec4f.txt",
		"img": "https://archive.orkl.eu/3d6ae01565e2c0141ab4edddd4fc137d66beec4f.jpg"
	}
}