{ "id": "aa7a2e51-e720-4b27-81f3-0e2ab4a4e2c4", "created_at": "2026-04-06T00:21:48.514446Z", "updated_at": "2026-04-10T03:32:50.058122Z", "deleted_at": null, "sha1_hash": "6e86da1440909a7ceb80d739c554fc86554f9c0e", "title": "THC Hydra - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 42038, "plain_text": "THC Hydra - Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-02 12:22:19 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool THC Hydra\n Tool: THC Hydra\nNames THC Hydra\nCategory Tools\nType Credential stealer\nDescription\nTHC Hydra Download below, this software rocks, it’s pretty much the most up to date and\ncurrently developed password brute forcing tool around at the moment.\nInformation\nLast change to this tool card: 20 April 2020\nDownload this tool card in JSON format\nAll groups using tool THC Hydra\nChanged Name Country Observed\nAPT groups\n Allanite [Unknown] 2017\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e14bb059-7b4c-46c6-aaa5-24cd9fe89ab5\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e14bb059-7b4c-46c6-aaa5-24cd9fe89ab5\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e14bb059-7b4c-46c6-aaa5-24cd9fe89ab5" ], "report_names": [ "listgroups.cgi?u=e14bb059-7b4c-46c6-aaa5-24cd9fe89ab5" ], "threat_actors": [ { "id": "a792743d-78a4-40c9-9d9a-a12c52880297", "created_at": "2023-01-06T13:46:38.75457Z", "updated_at": "2026-04-10T02:00:03.089271Z", "deleted_at": null, "main_name": "ALLANITE", "aliases": [ "Palmetto Fusion", "Allanite" ], "source_name": "MISPGALAXY:ALLANITE", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "1a76ed30-4daf-4817-98ae-87c667364464", "created_at": "2022-10-25T16:47:55.891029Z", "updated_at": "2026-04-10T02:00:03.646466Z", "deleted_at": null, "main_name": "IRON LIBERTY", "aliases": [ "ALLANITE ", "ATK6 ", "BROMINE ", "CASTLE ", "Crouching Yeti ", "DYMALLOY ", "Dragonfly ", "Energetic Bear / Berserk Bear ", "Ghost Blizzard ", "TEMP.Isotope ", "TG-4192 " ], "source_name": "Secureworks:IRON LIBERTY", "tools": [ "ClientX", "Ddex Loader", "Havex", "Karagany", "Loek", "MCMD", "Sysmain", "xfrost" ], "source_id": "Secureworks", "reports": null }, { "id": "0a0132a3-526d-4698-be49-5e75530c1417", "created_at": "2022-10-25T15:50:23.856139Z", "updated_at": "2026-04-10T02:00:05.42054Z", "deleted_at": null, "main_name": "ALLANITE", "aliases": [ "ALLANITE", "Palmetto Fusion" ], "source_name": "MITRE:ALLANITE", "tools": null, "source_id": "MITRE", "reports": null }, { "id": "1c4281e9-0a4c-4f20-94a2-25ed3661cc98", "created_at": "2022-10-25T16:07:23.301826Z", "updated_at": "2026-04-10T02:00:04.529332Z", "deleted_at": null, "main_name": "Allanite", "aliases": [ "G1000", "Palmetto Fusion" ], "source_name": "ETDA:Allanite", "tools": [ "PsExec", "SecreetsDump", "THC Hydra" ], "source_id": "ETDA", "reports": null }, { "id": "5cbf6c32-482d-4cd2-9d11-0d9311acdc28", "created_at": "2023-01-06T13:46:38.39927Z", "updated_at": "2026-04-10T02:00:02.958273Z", "deleted_at": null, "main_name": "ENERGETIC BEAR", "aliases": [ "BERSERK BEAR", "ALLANITE", "Group 24", "Koala Team", "G0035", "ATK6", "ITG15", "DYMALLOY", "TG-4192", "Crouching Yeti", "Havex", "IRON LIBERTY", "Blue Kraken", "Ghost Blizzard" ], "source_name": "MISPGALAXY:ENERGETIC BEAR", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434908, "ts_updated_at": 1775791970, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/6e86da1440909a7ceb80d739c554fc86554f9c0e.pdf", "text": "https://archive.orkl.eu/6e86da1440909a7ceb80d739c554fc86554f9c0e.txt", "img": "https://archive.orkl.eu/6e86da1440909a7ceb80d739c554fc86554f9c0e.jpg" } }