{
	"id": "2f56619c-a1f0-4658-be74-3d2d3fc707e6",
	"created_at": "2026-04-06T00:14:52.439642Z",
	"updated_at": "2026-04-10T13:12:20.621306Z",
	"deleted_at": null,
	"sha1_hash": "4a81c9b52f6019808c56a64aa9b81ca43ff3153c",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 60890,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 22:01:05 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Duqu\n Tool: Duqu\nNames\nDuqu\nTilded\nCategory Malware\nType ICS malware, Backdoor, Keylogger, Info stealer, Wiper\nDescription\n(Wikipedia) Duqu is a collection of computer malware discovered on 1 September 2011, thought to be related to the Stuxnet\nbeen created by Unit 8200. The Laboratory of Cryptography and System Security (CrySyS Lab) of the Budapest University o\nEconomics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu. Duq\nfrom the prefix '~DQ' it gives to the names of files it creates.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 24 April 2021\nDownload this tool card in JSON format\nAll groups using tool Duqu\nChanged Name Country Observed\nAPT groups\n Equation Group 2001-Aug 2016\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1cb8b2e7-9d26-414d-b574-87eaddeb0871\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1cb8b2e7-9d26-414d-b574-87eaddeb0871\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1cb8b2e7-9d26-414d-b574-87eaddeb0871"
	],
	"report_names": [
		"listgroups.cgi?u=1cb8b2e7-9d26-414d-b574-87eaddeb0871"
	],
	"threat_actors": [
		{
			"id": "b740943a-da51-4133-855b-df29822531ea",
			"created_at": "2022-10-25T15:50:23.604126Z",
			"updated_at": "2026-04-10T02:00:05.259593Z",
			"deleted_at": null,
			"main_name": "Equation",
			"aliases": [
				"Equation"
			],
			"source_name": "MITRE:Equation",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "fea75bf4-c510-4146-bbac-0802351f4eb0",
			"created_at": "2023-01-06T13:46:38.714847Z",
			"updated_at": "2026-04-10T02:00:03.076837Z",
			"deleted_at": null,
			"main_name": "Unit 8200",
			"aliases": [
				"Duqu Group"
			],
			"source_name": "MISPGALAXY:Unit 8200",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "08623296-52be-4977-8622-50efda44e9cc",
			"created_at": "2023-01-06T13:46:38.549387Z",
			"updated_at": "2026-04-10T02:00:03.020003Z",
			"deleted_at": null,
			"main_name": "Equation Group",
			"aliases": [
				"Tilded Team",
				"EQGRP",
				"G0020"
			],
			"source_name": "MISPGALAXY:Equation Group",
			"tools": [
				"TripleFantasy",
				"GrayFish",
				"EquationLaser",
				"EquationDrug",
				"DoubleFantasy"
			],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2d9fbbd7-e4c3-40e5-b751-27af27c8610b",
			"created_at": "2024-05-01T02:03:08.144214Z",
			"updated_at": "2026-04-10T02:00:03.674763Z",
			"deleted_at": null,
			"main_name": "PLATINUM COLONY",
			"aliases": [
				"Equation Group "
			],
			"source_name": "Secureworks:PLATINUM COLONY",
			"tools": [
				"DoubleFantasy",
				"EquationDrug",
				"EquationLaser",
				"Fanny",
				"GrayFish",
				"TripleFantasy"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "e0fed6e6-a593-4041-80ef-694261825937",
			"created_at": "2022-10-25T16:07:23.593572Z",
			"updated_at": "2026-04-10T02:00:04.680752Z",
			"deleted_at": null,
			"main_name": "Equation Group",
			"aliases": [
				"APT-C-40",
				"G0020",
				"Platinum Colony",
				"Tilded Team"
			],
			"source_name": "ETDA:Equation Group",
			"tools": [
				"Bvp47",
				"DEMENTIAWHEEL",
				"DOUBLEFANTASY",
				"DanderSpritz",
				"DarkPulsar",
				"DoubleFantasy",
				"DoubleFeature",
				"DoublePulsar",
				"Duqu",
				"EQUATIONDRUG",
				"EQUATIONLASER",
				"EQUESTRE",
				"Flamer",
				"GRAYFISH",
				"GROK",
				"OddJob",
				"Plexor",
				"Prax",
				"Regin",
				"Skywiper",
				"TRIPLEFANTASY",
				"Tilded",
				"UNITEDRAKE",
				"WarriorPride",
				"sKyWIper"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434492,
	"ts_updated_at": 1775826740,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4a81c9b52f6019808c56a64aa9b81ca43ff3153c.pdf",
		"text": "https://archive.orkl.eu/4a81c9b52f6019808c56a64aa9b81ca43ff3153c.txt",
		"img": "https://archive.orkl.eu/4a81c9b52f6019808c56a64aa9b81ca43ff3153c.jpg"
	}
}