{
	"id": "25fefe9b-05f5-44d6-9b8b-db754db4560a",
	"created_at": "2026-04-06T00:11:54.198572Z",
	"updated_at": "2026-04-10T03:28:20.568397Z",
	"deleted_at": null,
	"sha1_hash": "4e6796002b42210d145bd26e068e98e3e7b51f03",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 42885,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 21:37:34 UTC\r\n APT group: Harvester\r\nNames Harvester (Symantec)\r\nCountry [Unknown]\r\nSponsor State-sponsored\r\nMotivation Information theft and espionage\r\nFirst seen 2021\r\nDescription\r\n(Symantec) A previously unseen actor, likely nation-state-backed, is targeting organizations in\r\nSouth Asia, with a focus on Afghanistan, in what appears to be an information-stealing\r\ncampaign using a new toolset.\r\nThe Harvester group uses both custom malware and publicly available tools in its attacks,\r\nwhich began in June 2021, with the most recent activity seen in October 2021. Sectors targeted\r\ninclude telecommunications, government, and information technology (IT). The capabilities of\r\nthe tools, their custom development, and the victims targeted, all suggest that Harvester is a\r\nnation-state-backed actor.\r\nObserved\r\nSectors: Government, IT, Telecommunications.\r\nCountries: Afghanistan and South Asia.\r\nTools used Cobalt Strike, Graphon, Metasploit.\r\nInformation\r\n\u003chttps://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/harvester-new-apt-attacks-asia\u003e\r\nLast change to this card: 03 November 2021\r\nDownload this actor card in PDF or JSON format\r\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=ca6c1291-9289-464b-9d77-0b5364687168\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=ca6c1291-9289-464b-9d77-0b5364687168\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=ca6c1291-9289-464b-9d77-0b5364687168"
	],
	"report_names": [
		"showcard.cgi?u=ca6c1291-9289-464b-9d77-0b5364687168"
	],
	"threat_actors": [
		{
			"id": "610a7295-3139-4f34-8cec-b3da40add480",
			"created_at": "2023-01-06T13:46:38.608142Z",
			"updated_at": "2026-04-10T02:00:03.03764Z",
			"deleted_at": null,
			"main_name": "Cobalt",
			"aliases": [
				"Cobalt Group",
				"Cobalt Gang",
				"GOLD KINGSWOOD",
				"COBALT SPIDER",
				"G0080",
				"Mule Libra"
			],
			"source_name": "MISPGALAXY:Cobalt",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "81dde5cc-c29f-430d-8c6e-e5e92d5015e7",
			"created_at": "2022-10-25T16:07:23.704358Z",
			"updated_at": "2026-04-10T02:00:04.718034Z",
			"deleted_at": null,
			"main_name": "Harvester",
			"aliases": [],
			"source_name": "ETDA:Harvester",
			"tools": [
				"Agentemis",
				"Cobalt Strike",
				"CobaltStrike",
				"Graphon",
				"Metasploit",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434314,
	"ts_updated_at": 1775791700,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4e6796002b42210d145bd26e068e98e3e7b51f03.pdf",
		"text": "https://archive.orkl.eu/4e6796002b42210d145bd26e068e98e3e7b51f03.txt",
		"img": "https://archive.orkl.eu/4e6796002b42210d145bd26e068e98e3e7b51f03.jpg"
	}
}