{
	"id": "2703ac13-2042-4e5c-974c-58b7cd745e39",
	"created_at": "2026-04-06T00:07:13.94936Z",
	"updated_at": "2026-04-10T13:11:43.49009Z",
	"deleted_at": null,
	"sha1_hash": "6a20f524ddd195a5bffb11d122708d45b5ed25d3",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46090,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 18:33:37 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool IOCONTROL\r\n Tool: IOCONTROL\r\nNames IOCONTROL\r\nCategory Malware\r\nType ICS malware\r\nDescription\r\n(Claroty) Team82 obtained a sample of a custom-built IoT/OT malware called IOCONTROL\r\nused by Iran-affiliated attackers to attack Israel- and U.S.-based OT/IoT devices.\r\nIOCONTROL has been used to attack IoT and SCADA/OT devices of various types including\r\nIP cameras, routers, PLCs, HMIs, firewalls, and more. Some of the affected vendors include:\r\nBaicells, D-Link, Hikvision, Red Lion, Orpak, Phoenix Contact, Teltonika, Unitronics, and\r\nothers.\r\nWe’ve assessed that IOCONTROL is a cyberweapon used by a nation-state to attack civilian\r\ncritical infrastructure.\r\nInformation\r\n\u003chttps://claroty.com/team82/research/inside-a-new-ot-iot-cyber-weapon-iocontrol\u003e\r\n\u003chttps://therecord.media/us-offers-reward-for-iran-hacker-iocontrol-malware\u003e\r\nLast change to this tool card: 28 June 2025\r\nDownload this tool card in JSON format\r\nAll groups using tool IOCONTROL\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=71b633fc-7f76-4c90-bb94-c1ce6ba1a591\r\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=71b633fc-7f76-4c90-bb94-c1ce6ba1a591\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=71b633fc-7f76-4c90-bb94-c1ce6ba1a591\r\nPage 2 of 2\n\nUnknown groups _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=71b633fc-7f76-4c90-bb94-c1ce6ba1a591"
	],
	"report_names": [
		"listgroups.cgi?u=71b633fc-7f76-4c90-bb94-c1ce6ba1a591"
	],
	"threat_actors": [],
	"ts_created_at": 1775434033,
	"ts_updated_at": 1775826703,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6a20f524ddd195a5bffb11d122708d45b5ed25d3.pdf",
		"text": "https://archive.orkl.eu/6a20f524ddd195a5bffb11d122708d45b5ed25d3.txt",
		"img": "https://archive.orkl.eu/6a20f524ddd195a5bffb11d122708d45b5ed25d3.jpg"
	}
}