{
	"id": "e2a8dee3-9e27-49f5-b3b0-46f120303248",
	"created_at": "2026-04-06T00:18:25.40516Z",
	"updated_at": "2026-04-10T03:34:17.924833Z",
	"deleted_at": null,
	"sha1_hash": "5ee40178a16590326eb22cc89377c2f90b9524a6",
	"title": "DustSquad, Golden Falcon - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 51950,
	"plain_text": "DustSquad, Golden Falcon - Threat Group Cards: A Threat Actor\r\nEncyclopedia\r\nArchived: 2026-04-05 20:45:07 UTC\r\n APT group: DustSquad, Golden Falcon\r\nNames\r\nDustSquad (Kaspersky)\r\nGolden Falcon (Qihoo 360)\r\nAPT-C-34 (Qihoo 360)\r\nNomadic Octopus (ESET)\r\nG0133 (MITRE)\r\nCountry Russia\r\nMotivation Information theft and espionage\r\nFirst seen 2014\r\nDescription\r\n(Kaspersky) For the last two years we have been monitoring a Russian-language\r\ncyberespionage actor that focuses on Central Asian users and diplomatic entities. We\r\nnamed the actor DustSquad and have provided private intelligence reports to our\r\ncustomers on four of their campaigns involving custom Android and Windows\r\nmalware. In this blogpost we cover a malicious program for Windows called\r\nOctopus that mostly targets diplomatic entities.\r\nThe name was originally coined by ESET in 2017 after the 0ct0pus3.php script used\r\nby the actor on their old C2 servers. We also started monitoring the malware and,\r\nusing Kaspersky Attribution Engine based on similarity algorithms, discovered that\r\nOctopus is related to DustSquad, something we reported in April 2018. 
In our\r\ntelemetry we tracked this campaign back to 2014 in the former Soviet republics of\r\nCentral Asia (still mostly Russian-speaking), plus Afghanistan.\r\nObserved\r\nSectors: Defense, Government, Media and diplomats and dissidents.\r\nCountries: Afghanistan, Kazakhstan and Central Asia.\r\nTools used Harpoon, Octopus, Paperbug, Remote Control System.\r\nOperations performed 2020\r\nNomadic Octopus’ Paperbug Campaign\r\n\u003chttps://www.prodaft.com/m/reports/PAPERBUG_TLPWHITE-1.pdf\u003e\r\n\nInformation\nMITRE ATT\u0026CK Last change to this card: 16 August 2025\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=982ea477-0c28-490e-87d6-3f43da257cae",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=982ea477-0c28-490e-87d6-3f43da257cae"
	],
	"report_names": [
		"showcard.cgi?u=982ea477-0c28-490e-87d6-3f43da257cae"
	],
	"threat_actors": [
		{
			"id": "978775b9-369d-44f7-8a42-76d7b9cb42d5",
			"created_at": "2022-10-25T15:50:23.846105Z",
			"updated_at": "2026-04-10T02:00:05.36378Z",
			"deleted_at": null,
			"main_name": "Nomadic Octopus",
			"aliases": [
				"Nomadic Octopus",
				"DustSquad"
			],
			"source_name": "MITRE:Nomadic Octopus",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "70661552-6715-4750-bf4e-527055d3e7b4",
			"created_at": "2023-11-08T02:00:07.114392Z",
			"updated_at": "2026-04-10T02:00:03.417207Z",
			"deleted_at": null,
			"main_name": "DustSquad",
			"aliases": [
				"Nomadic Octopus"
			],
			"source_name": "MISPGALAXY:DustSquad",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "8b1844c0-671a-41e0-abb1-8abc556738b5",
			"created_at": "2023-01-06T13:46:39.074954Z",
			"updated_at": "2026-04-10T02:00:03.2046Z",
			"deleted_at": null,
			"main_name": "APT-C-34",
			"aliases": [
				"Golden Falcon"
			],
			"source_name": "MISPGALAXY:APT-C-34",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "f6fe4b4f-9694-4ffc-94ef-a0cc5aef94d9",
			"created_at": "2022-10-25T16:07:23.556112Z",
			"updated_at": "2026-04-10T02:00:04.655561Z",
			"deleted_at": null,
			"main_name": "DustSquad",
			"aliases": [
				"APT-C-34",
				"DustSquad",
				"G0133",
				"Golden Falcon",
				"Nomadic Octopus"
			],
			"source_name": "ETDA:DustSquad",
			"tools": [
				"Garpun",
				"Paperbug",
				"Remote Control System"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434705,
	"ts_updated_at": 1775792057,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5ee40178a16590326eb22cc89377c2f90b9524a6.pdf",
		"text": "https://archive.orkl.eu/5ee40178a16590326eb22cc89377c2f90b9524a6.txt",
		"img": "https://archive.orkl.eu/5ee40178a16590326eb22cc89377c2f90b9524a6.jpg"
	}
}