{
	"id": "fd888f2a-eeec-4a2f-8627-d70ab7a864c5",
	"created_at": "2026-04-06T01:30:35.534334Z",
	"updated_at": "2026-04-10T03:35:34.353713Z",
	"deleted_at": null,
	"sha1_hash": "6ff1711bba06888b4242643dac9ce21bd07a94dd",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28747,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy zer0daydan\r\nArchived: 2026-04-06 00:31:35 UTC\r\nCreated 10 years ago\r\nModified 10 years ago by zer0daydan\r\nPublic\r\nTLP: Green\r\nPlatinum has been active since 2009 and primarily targets governmental organizations, defense institutes,\r\nintelligence agencies, and telecommunication providers in South and Southeast Asia. The group has gone to great\r\nlengths to develop covert techniques that allow them to conduct cyber-espionage campaigns for years without\r\nbeing detected. Platinum is using hotpatching as a technique to attempt to cloak a backdoor they use.\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:adbupd\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:adbupd\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:adbupd"
	],
	"report_names": [
		"pulses?q=tag:adbupd"
	],
	"threat_actors": [
		{
			"id": "7d8ef10e-1d7b-49a0-ab6e-f1dae465a1a4",
			"created_at": "2023-01-06T13:46:38.595679Z",
			"updated_at": "2026-04-10T02:00:03.033762Z",
			"deleted_at": null,
			"main_name": "PLATINUM",
			"aliases": [
				"TwoForOne",
				"G0068",
				"ATK33"
			],
			"source_name": "MISPGALAXY:PLATINUM",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "e61c46f7-88a1-421a-9fed-0cfe2eeb820a",
			"created_at": "2022-10-25T16:07:24.061767Z",
			"updated_at": "2026-04-10T02:00:04.854503Z",
			"deleted_at": null,
			"main_name": "Platinum",
			"aliases": [
				"ATK 33",
				"G0068",
				"Operation EasternRoppels",
				"TwoForOne"
			],
			"source_name": "ETDA:Platinum",
			"tools": [
				"AMTsol",
				"Adupib",
				"Adupihan",
				"Dipsind",
				"DvDupdate.dll",
				"JPIN",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"RedPepper",
				"RedSalt",
				"Titanium",
				"adbupd",
				"psinstrc.ps1"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "33f527a5-a5da-496a-a48c-7807cc858c3e",
			"created_at": "2022-10-25T15:50:23.803657Z",
			"updated_at": "2026-04-10T02:00:05.333523Z",
			"deleted_at": null,
			"main_name": "PLATINUM",
			"aliases": [
				"PLATINUM"
			],
			"source_name": "MITRE:PLATINUM",
			"tools": [
				"JPIN",
				"Dipsind",
				"adbupd"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775439035,
	"ts_updated_at": 1775792134,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6ff1711bba06888b4242643dac9ce21bd07a94dd.pdf",
		"text": "https://archive.orkl.eu/6ff1711bba06888b4242643dac9ce21bd07a94dd.txt",
		"img": "https://archive.orkl.eu/6ff1711bba06888b4242643dac9ce21bd07a94dd.jpg"
	}
}