{
	"id": "c1e3cb7f-9fa9-4441-97b9-d69dbec154c3",
	"created_at": "2026-04-06T00:08:21.289723Z",
	"updated_at": "2026-04-10T03:38:03.473914Z",
	"deleted_at": null,
	"sha1_hash": "51bafa2c593afde2a58a43829ea0bc37eb1b2639",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 51228,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:38:29 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Micropsia\n Tool: Micropsia\nNames Micropsia\nCategory Malware\nType Info stealer, Keylogger, Exfiltration\nDescription\n(Palo Alto) The MICROPSIA malware family is written in Delphi and is an information\nstealing malware family with a wide range of data theft functionality built in.\nThe main capabilities of the malware are as follows:\n• Logging of keystrokes to a hardcoded text file and exfiltration to a remote server\n• Capturing screenshots of the infected machines\n• Searching for files with extensions matching Microsoft Office documents and using\nWinRAR to archive these prior to exfiltration.\nInformation\nMITRE ATT\u0026CK Malpedia AlienVault OTX Last change to this tool card: 14 May 2020\nDownload this tool card in JSON format\nAll groups using tool Micropsia\nChanged Name Country Observed\nAPT groups\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f0b0c482-814c-4f97-a2cb-e5e963ed448a\nPage 1 of 2\n\nThe Big Bang [Unknown] 2017  \r\n  Desert Falcons [Gaza] 2011-Oct 2023\r\n  Molerats, Extreme Jackal, Gaza Cybergang [Gaza] 2012-Jul 2023  \r\n3 groups listed (3 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f0b0c482-814c-4f97-a2cb-e5e963ed448a\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f0b0c482-814c-4f97-a2cb-e5e963ed448a\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f0b0c482-814c-4f97-a2cb-e5e963ed448a"
	],
	"report_names": [
		"listgroups.cgi?u=f0b0c482-814c-4f97-a2cb-e5e963ed448a"
	],
	"threat_actors": [
		{
			"id": "9198aefa-3da6-4605-bb52-923df20a7fce",
			"created_at": "2023-01-06T13:46:38.766848Z",
			"updated_at": "2026-04-10T02:00:03.093153Z",
			"deleted_at": null,
			"main_name": "The Big Bang",
			"aliases": [],
			"source_name": "MISPGALAXY:The Big Bang",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "0c502f6d-640d-4e69-bfb8-328ba6540d4f",
			"created_at": "2022-10-25T15:50:23.756782Z",
			"updated_at": "2026-04-10T02:00:05.324924Z",
			"deleted_at": null,
			"main_name": "Molerats",
			"aliases": [
				"Molerats",
				"Operation Molerats",
				"Gaza Cybergang"
			],
			"source_name": "MITRE:Molerats",
			"tools": [
				"MoleNet",
				"DustySky",
				"DropBook",
				"SharpStage",
				"PoisonIvy"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "9ff60d4d-153b-4ed5-a2f7-18a21d2fa05d",
			"created_at": "2022-10-25T16:07:23.539852Z",
			"updated_at": "2026-04-10T02:00:04.647734Z",
			"deleted_at": null,
			"main_name": "Desert Falcons",
			"aliases": [
				"APT-C-23",
				"ATK 66",
				"Arid Viper",
				"Niobium",
				"Operation Arid Viper",
				"Operation Bearded Barbie",
				"Operation Rebound",
				"Pinstripe Lightning",
				"Renegade Jackal",
				"TAG-63",
				"TAG-CT1",
				"Two-tailed Scorpion"
			],
			"source_name": "ETDA:Desert Falcons",
			"tools": [
				"AridSpy",
				"Barb(ie) Downloader",
				"BarbWire",
				"Desert Scorpion",
				"FrozenCell",
				"GlanceLove",
				"GnatSpy",
				"KasperAgent",
				"Micropsia",
				"PyMICROPSIA",
				"SpyC23",
				"Viper RAT",
				"ViperRAT",
				"VolatileVenom",
				"WinkChat",
				"android.micropsia"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e5cad6bf-fa91-4128-ba0d-2bf3ff3c6c6b",
			"created_at": "2025-08-07T02:03:24.53077Z",
			"updated_at": "2026-04-10T02:00:03.680525Z",
			"deleted_at": null,
			"main_name": "ALUMINUM SARATOGA",
			"aliases": [
				"APT-C-23",
				"Arid Viper",
				"Desert Falcon",
				"Extreme Jackal ",
				"Gaza Cybergang",
				"Molerats ",
				"Operation DustySky ",
				"TA402"
			],
			"source_name": "Secureworks:ALUMINUM SARATOGA",
			"tools": [
				"BlackShades",
				"BrittleBush",
				"DarkComet",
				"LastConn",
				"Micropsia",
				"NimbleMamba",
				"PoisonIvy",
				"QuasarRAT",
				"XtremeRat"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "1162e0d4-b69c-423d-a4da-f3080d1d2b0c",
			"created_at": "2023-01-06T13:46:38.508262Z",
			"updated_at": "2026-04-10T02:00:03.006018Z",
			"deleted_at": null,
			"main_name": "Molerats",
			"aliases": [
				"Gaza Cybergang",
				"Operation Molerats",
				"Extreme Jackal",
				"ALUMINUM SARATOGA",
				"G0021",
				"BLACKSTEM",
				"Gaza Hackers Team",
				"Gaza cybergang"
			],
			"source_name": "MISPGALAXY:Molerats",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "f7d9b02d-d294-422b-adf7-4b3adfac9d9a",
			"created_at": "2022-10-25T16:07:23.392241Z",
			"updated_at": "2026-04-10T02:00:04.577887Z",
			"deleted_at": null,
			"main_name": "The Big Bang",
			"aliases": [],
			"source_name": "ETDA:The Big Bang",
			"tools": [
				"Micropsia"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "847f600c-cf90-44c0-8b39-fb0d5adfcef4",
			"created_at": "2022-10-25T16:07:23.875541Z",
			"updated_at": "2026-04-10T02:00:04.768142Z",
			"deleted_at": null,
			"main_name": "Molerats",
			"aliases": [
				"ATK 89",
				"Aluminum Saratoga",
				"Extreme Jackal",
				"G0021",
				"Gaza Cybergang",
				"Gaza Hackers Team",
				"Molerats",
				"Operation DustySky",
				"Operation DustySky Part 2",
				"Operation Molerats",
				"Operation Moonlight",
				"Operation SneakyPastes",
				"Operation TopHat",
				"TA402",
				"TAG-CT5"
			],
			"source_name": "ETDA:Molerats",
			"tools": [
				"BadPatch",
				"Bladabindi",
				"BrittleBush",
				"Chymine",
				"CinaRAT",
				"Darkmoon",
				"Downeks",
				"DropBook",
				"DustySky",
				"ExtRat",
				"Gen:Trojan.Heur.PT",
				"H-Worm",
				"H-Worm RAT",
				"Houdini",
				"Houdini RAT",
				"Hworm",
				"Iniduoh",
				"IronWind",
				"Jenxcus",
				"JhoneRAT",
				"Jorik",
				"KasperAgent",
				"Kognito",
				"LastConn",
				"Micropsia",
				"MoleNet",
				"Molerat Loader",
				"NeD Worm",
				"NimbleMamba",
				"Njw0rm",
				"Pierogi",
				"Poison Ivy",
				"Quasar RAT",
				"QuasarRAT",
				"SPIVY",
				"Scote",
				"SharpSploit",
				"SharpStage",
				"WSHRAT",
				"WelcomeChat",
				"Xtreme RAT",
				"XtremeRAT",
				"Yggdrasil",
				"dinihou",
				"dunihi",
				"njRAT",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434101,
	"ts_updated_at": 1775792283,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/51bafa2c593afde2a58a43829ea0bc37eb1b2639.pdf",
		"text": "https://archive.orkl.eu/51bafa2c593afde2a58a43829ea0bc37eb1b2639.txt",
		"img": "https://archive.orkl.eu/51bafa2c593afde2a58a43829ea0bc37eb1b2639.jpg"
	}
}