{ "id": "4c11e38f-0add-4537-bb33-11249c40dfca", "created_at": "2026-04-06T00:14:57.783355Z", "updated_at": "2026-04-10T03:29:45.392053Z", "deleted_at": null, "sha1_hash": "779f21e845d43b3f189acaa7b7d738fda2e04d85", "title": "LevelBlue - Open Threat Exchange", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 245331, "plain_text": "LevelBlue - Open Threat Exchange\r\nBy mohdrennis\r\nArchived: 2026-04-05 23:46:32 UTC\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:grayfish\r\nPage 1 of 7\n\nA Deep Dive into DoubleFeature, Equation Group Post-Exploitation Dashboard - Check Point\r\nResearch\r\nCreated 4 years ago by mohdrennis\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:grayfish\r\nPage 2 of 7\n\nPublic\r\nTLP: White\r\nThe Equation Group’s post-exploitation tool DanderSpritz was leaked by the Shadow Brokers in April 2017, but\r\nwhat do we know about it and how did it get there?\r\n354 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:grayfish\r\nPage 3 of 7\n\nInside the EquationDrug Espionage Platform | Securelist\r\nCreated 5 years ago\r\nModified 5 years ago by mohdrennis\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:grayfish\r\nPage 4 of 7\n\nPublic\r\nTLP: White\r\nKaspersky is a security firm that has been working with highly sophisticated threat actors to gain access to the\r\nnetworks of its users and to their networks, but is also engaged in espionage operations.\r\n354 Subscribers\r\nAuthor Url\r\nEquation: The Death Star of Malware Galaxy | Securelist\r\nCreated 5 years ago\r\nModified 5 years ago by schrodinger\r\nPublic\r\nTLP: White\r\nThe Equation group is one of the world’s most advanced cyber attack groups, according to security firm\r\nKaspersky, which has identified and identified the group as a highly sophisticated threat actor.\r\n88 Subscribers\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:grayfish\r\nPage 5 of 7\n\nequationdrug\r\nCreated 10 years ago by herooutman\r\nPublic\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:grayfish\r\nPage 6 of 7\n\nTLP: Green\r\n86 Subscribers\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:grayfish\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:grayfish\r\nPage 7 of 7", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://otx.alienvault.com/browse/pulses?q=tag:grayfish" ], "report_names": [ "pulses?q=tag:grayfish" ], "threat_actors": [ { "id": "b740943a-da51-4133-855b-df29822531ea", "created_at": "2022-10-25T15:50:23.604126Z", "updated_at": "2026-04-10T02:00:05.259593Z", "deleted_at": null, "main_name": "Equation", "aliases": [ "Equation" ], "source_name": "MITRE:Equation", "tools": null, "source_id": "MITRE", "reports": null }, { "id": "d4f7cf97-9c98-409c-8b95-b80d14c576a5", "created_at": "2022-10-25T16:07:24.561104Z", "updated_at": "2026-04-10T02:00:05.03343Z", "deleted_at": null, "main_name": "Shadow Brokers", "aliases": [], "source_name": "ETDA:Shadow Brokers", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "171b85f2-8f6f-46c0-92e0-c591f61ea167", "created_at": "2023-01-06T13:46:38.830188Z", "updated_at": "2026-04-10T02:00:03.114926Z", "deleted_at": null, "main_name": "The Shadow Brokers", "aliases": [ "Shadow Brokers", "ShadowBrokers", "The ShadowBrokers", "TSB" ], "source_name": "MISPGALAXY:The Shadow Brokers", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "08623296-52be-4977-8622-50efda44e9cc", "created_at": "2023-01-06T13:46:38.549387Z", "updated_at": "2026-04-10T02:00:03.020003Z", "deleted_at": null, "main_name": "Equation Group", "aliases": [ "Tilded Team", "EQGRP", "G0020" ], "source_name": "MISPGALAXY:Equation Group", "tools": [ "TripleFantasy", "GrayFish", "EquationLaser", "EquationDrug", "DoubleFantasy" ], "source_id": "MISPGALAXY", "reports": null }, { "id": "2d9fbbd7-e4c3-40e5-b751-27af27c8610b", "created_at": "2024-05-01T02:03:08.144214Z", "updated_at": "2026-04-10T02:00:03.674763Z", "deleted_at": null, "main_name": "PLATINUM COLONY", "aliases": [ "Equation Group " ], "source_name": "Secureworks:PLATINUM COLONY", "tools": [ "DoubleFantasy", "EquationDrug", "EquationLaser", "Fanny", "GrayFish", "TripleFantasy" ], "source_id": "Secureworks", "reports": null }, { "id": "e0fed6e6-a593-4041-80ef-694261825937", "created_at": "2022-10-25T16:07:23.593572Z", "updated_at": "2026-04-10T02:00:04.680752Z", "deleted_at": null, "main_name": "Equation Group", "aliases": [ "APT-C-40", "G0020", "Platinum Colony", "Tilded Team" ], "source_name": "ETDA:Equation Group", "tools": [ "Bvp47", "DEMENTIAWHEEL", "DOUBLEFANTASY", "DanderSpritz", "DarkPulsar", "DoubleFantasy", "DoubleFeature", "DoublePulsar", "Duqu", "EQUATIONDRUG", "EQUATIONLASER", "EQUESTRE", "Flamer", "GRAYFISH", "GROK", "OddJob", "Plexor", "Prax", "Regin", "Skywiper", "TRIPLEFANTASY", "Tilded", "UNITEDRAKE", "WarriorPride", "sKyWIper" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434497, "ts_updated_at": 1775791785, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/779f21e845d43b3f189acaa7b7d738fda2e04d85.pdf", "text": "https://archive.orkl.eu/779f21e845d43b3f189acaa7b7d738fda2e04d85.txt", "img": "https://archive.orkl.eu/779f21e845d43b3f189acaa7b7d738fda2e04d85.jpg" } }