{
	"id": "4a98fb56-b483-4027-93c2-13546d15c9f9",
	"created_at": "2026-04-06T00:13:12.461123Z",
	"updated_at": "2026-04-10T03:33:12.612245Z",
	"deleted_at": null,
	"sha1_hash": "7179a87a000b432d1ce79dc4854145e0d34cd01f",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49304,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 15:36:17 UTC\n APT group: IndigoZebra\nNames\nIndigoZebra (Check Point)\nG0136 (MITRE)\nCountry China\nMotivation Information theft and espionage\nFirst seen 2014\nDescription\n(Check Point) Check Point Research (CPR) has observed an ongoing cyber espionage\noperation targeting the Afghan government. Believed to be the Chinese-speaking hacker\ngroup known as “IndigoZebra”, the threat actors behind the espionage leveraged\nDropbox, the popular cloud storage service, to infiltrate the Afghan National Security\nCouncil (NSC). Further investigation by CPR revealed that this is the latest in longer-running activity targeting other Central Asian countries, Kyrgyzstan and Uzbekistan,\nsince at least 2014.\nObserved Countries: Afghanistan, Kyrgyzstan, Uzbekistan.\nTools used Dropbox.\nInformation\nMITRE ATT\u0026CK Last change to this card: 16 August 2025\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=b4571e18-c0c8-42fb-9c03-aa7b5b29b2b7\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=b4571e18-c0c8-42fb-9c03-aa7b5b29b2b7\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=b4571e18-c0c8-42fb-9c03-aa7b5b29b2b7"
	],
	"report_names": [
		"showcard.cgi?u=b4571e18-c0c8-42fb-9c03-aa7b5b29b2b7"
	],
	"threat_actors": [
		{
			"id": "62f2206e-d8c6-49bb-86fc-63118ac2bf40",
			"created_at": "2022-10-25T16:07:23.725942Z",
			"updated_at": "2026-04-10T02:00:04.728159Z",
			"deleted_at": null,
			"main_name": "IndigoZebra",
			"aliases": [
				"G0136"
			],
			"source_name": "ETDA:IndigoZebra",
			"tools": [
				"Dropbox"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "abb4a645-181b-4237-825f-447ac9b0c16d",
			"created_at": "2022-10-25T15:50:23.764656Z",
			"updated_at": "2026-04-10T02:00:05.40558Z",
			"deleted_at": null,
			"main_name": "IndigoZebra",
			"aliases": [
				"IndigoZebra"
			],
			"source_name": "MITRE:IndigoZebra",
			"tools": [
				"xCaon",
				"BoxCaon",
				"PoisonIvy"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "f33ce87f-9514-447c-aba2-ff3e4e9e5b71",
			"created_at": "2023-11-07T02:00:07.097748Z",
			"updated_at": "2026-04-10T02:00:03.406698Z",
			"deleted_at": null,
			"main_name": "IndigoZebra",
			"aliases": [],
			"source_name": "MISPGALAXY:IndigoZebra",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434392,
	"ts_updated_at": 1775791992,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7179a87a000b432d1ce79dc4854145e0d34cd01f.pdf",
		"text": "https://archive.orkl.eu/7179a87a000b432d1ce79dc4854145e0d34cd01f.txt",
		"img": "https://archive.orkl.eu/7179a87a000b432d1ce79dc4854145e0d34cd01f.jpg"
	}
}