{
	"id": "2ae7f0db-d533-4a2f-aa5e-b5ca6b00bda4",
	"created_at": "2026-04-06T00:15:45.762078Z",
	"updated_at": "2026-04-10T03:34:57.173332Z",
	"deleted_at": null,
	"sha1_hash": "75f102d1e0f27ab8d83f7481e0c5dac2efd94ee1",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 348057,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy PetrP.73\r\nArchived: 2026-04-05 17:57:15 UTC\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:GoldenEagle\r\nPage 1 of 6\n\nAPT15 Cyber Espionage: Campaigns and TTPs Analysis\r\nCVE: 5 | URL: 1 | Hostname: 2\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:GoldenEagle\r\nPage 2 of 6\n\nAPT15, a cyber espionage group with origins in China, has been active since approximately 2010 and has\r\nconducted numerous high-profile campaigns targeting government, diplomatic, and military sectors across North\r\nAmerica, Europe, and the Middle East. Their operations include notable incidents such as the 2013 \"moviestar\"\r\noperation against European Ministries of Foreign Affairs, attacks on Indian embassy personnel in 2016, and the\r\nhacking of a US Navy contractor in 2018. Even after significant disruptions like the 2021 crackdown by\r\nMicrosoft, APT15 adapted and continued its activities, notably deploying a new backdoor called Graphican in\r\n2022 and using the ORB3 network for operations in 2023.\r\n161 Subscribers\r\n373,955 Subscribers\r\n841 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:GoldenEagle\r\nPage 3 of 6\n\n841 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:GoldenEagle\r\nPage 4 of 6\n\nThreat Research | FireEye Inc\r\nFind out more about FireEye.com, the world's leading cyber security company, which provides security services to\r\nmore than 1.5 million customers across the globe, and offers a wide range of products and services.\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:GoldenEagle\r\nPage 5 of 6\n\n17 Subscribers\r\n373,955 Subscribers\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:GoldenEagle\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:GoldenEagle\r\nPage 6 of 6\n\nAPT15 Cyber Espionage: https://otx.alienvault.com/browse/pulses?q=tag:GoldenEagle Campaigns and TTPs Analysis\nCVE: 5 | URL: 1 | Hostname: 2 \n   Page 2 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:GoldenEagle"
	],
	"report_names": [
		"pulses?q=tag:GoldenEagle"
	],
	"threat_actors": [
		{
			"id": "0a03e7f0-2f75-4153-9c4f-c46d12d3962e",
			"created_at": "2022-10-25T15:50:23.453824Z",
			"updated_at": "2026-04-10T02:00:05.28793Z",
			"deleted_at": null,
			"main_name": "Ke3chang",
			"aliases": [
				"Ke3chang",
				"APT15",
				"Vixen Panda",
				"GREF",
				"Playful Dragon",
				"RoyalAPT",
				"Nylon Typhoon"
			],
			"source_name": "MITRE:Ke3chang",
			"tools": [
				"Okrum",
				"Systeminfo",
				"netstat",
				"spwebmember",
				"Mimikatz",
				"Tasklist",
				"MirageFox",
				"Neoichor",
				"ipconfig"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "7d5531e2-0ad1-4237-beed-af009035576f",
			"created_at": "2024-05-01T02:03:07.977868Z",
			"updated_at": "2026-04-10T02:00:03.817883Z",
			"deleted_at": null,
			"main_name": "BRONZE PALACE",
			"aliases": [
				"APT15 ",
				"BRONZE DAVENPORT ",
				"BRONZE IDLEWOOD ",
				"CTG-6119 ",
				"CTG-6119 ",
				"CTG-9246 ",
				"Ke3chang ",
				"NICKEL ",
				"Nylon Typhoon ",
				"Playful Dragon",
				"Vixen Panda "
			],
			"source_name": "Secureworks:BRONZE PALACE",
			"tools": [
				"BMW",
				"BS2005",
				"Enfal",
				"Mirage",
				"RoyalCLI",
				"RoyalDNS"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "7c8cf02c-623a-4793-918b-f908675a1aef",
			"created_at": "2023-01-06T13:46:38.309165Z",
			"updated_at": "2026-04-10T02:00:02.921721Z",
			"deleted_at": null,
			"main_name": "APT15",
			"aliases": [
				"Metushy",
				"Lurid",
				"Social Network Team",
				"Royal APT",
				"BRONZE DAVENPORT",
				"BRONZE IDLEWOOD",
				"VIXEN PANDA",
				"Ke3Chang",
				"Playful Dragon",
				"BRONZE PALACE",
				"G0004",
				"Red Vulture",
				"Nylon Typhoon"
			],
			"source_name": "MISPGALAXY:APT15",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434545,
	"ts_updated_at": 1775792097,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/75f102d1e0f27ab8d83f7481e0c5dac2efd94ee1.pdf",
		"text": "https://archive.orkl.eu/75f102d1e0f27ab8d83f7481e0c5dac2efd94ee1.txt",
		"img": "https://archive.orkl.eu/75f102d1e0f27ab8d83f7481e0c5dac2efd94ee1.jpg"
	}
}