{
	"id": "d152d1f3-72ca-45b5-aafc-05ddbc473aa6",
	"created_at": "2026-04-06T01:32:20.802326Z",
	"updated_at": "2026-04-10T13:12:37.713902Z",
	"deleted_at": null,
	"sha1_hash": "45275d17b41474dfacce5c2fe946f20e12142906",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43721,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 00:42:33 UTC\n APT group: WildCard\nNames WildCard (Intezer)\nCountry [Unknown]\nMotivation Information theft and espionage\nFirst seen 2021\nDescription\n(Intezer) Our research team has identified a new APT group, dubbed “WildCard,” initially\ndetected through its use of the SysJoker malware, which targeted Israel’s educational sector in\n2021. WildCard has since expanded its reach, creating sophisticated malware variants\ndisguised as legitimate software, and a recently developed malware called ‘RustDown,’ written\nin Rust for potential operational advantages. Connections to Operation Electric Powder\nindicate WildCard’s advanced capabilities with a focus on critical sectors within Israel. While\nwe’ve begun to understand WildCard’s tactics and methods, their precise identity is still\nenigmatic, demanding deeper analysis and collaboration within the infosec community.\nObserved\nSectors: Education, Industrial.\nCountries: Israel.\nTools used RustDown, SysJoker.\nInformation\nLast change to this card: 30 November 2023\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d49566bf-86b1-4f36-9152-64ddf7f307e6\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=d49566bf-86b1-4f36-9152-64ddf7f307e6\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d49566bf-86b1-4f36-9152-64ddf7f307e6"
	],
	"report_names": [
		"showcard.cgi?u=d49566bf-86b1-4f36-9152-64ddf7f307e6"
	],
	"threat_actors": [
		{
			"id": "2864e40a-f233-4618-ac61-b03760a41cbb",
			"created_at": "2023-12-01T02:02:34.272108Z",
			"updated_at": "2026-04-10T02:00:04.97558Z",
			"deleted_at": null,
			"main_name": "WildCard",
			"aliases": [],
			"source_name": "ETDA:WildCard",
			"tools": [
				"RustDown",
				"SysJoker"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "cd402658-d63c-40bc-b6ce-bb3d742904c5",
			"created_at": "2023-12-01T02:02:33.960041Z",
			"updated_at": "2026-04-10T02:00:04.804676Z",
			"deleted_at": null,
			"main_name": "Operation Electric Powder",
			"aliases": [],
			"source_name": "ETDA:Operation Electric Powder",
			"tools": [
				"SysJoker"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "256a6a2d-e8a2-4497-b399-628a7fad4b3e",
			"created_at": "2023-11-30T02:00:07.299845Z",
			"updated_at": "2026-04-10T02:00:03.484788Z",
			"deleted_at": null,
			"main_name": "WildCard",
			"aliases": [],
			"source_name": "MISPGALAXY:WildCard",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775439140,
	"ts_updated_at": 1775826757,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/45275d17b41474dfacce5c2fe946f20e12142906.pdf",
		"text": "https://archive.orkl.eu/45275d17b41474dfacce5c2fe946f20e12142906.txt",
		"img": "https://archive.orkl.eu/45275d17b41474dfacce5c2fe946f20e12142906.jpg"
	}
}