{ "id": "ee8f6f66-db5c-4bd3-98fd-94c7493ed8bb", "created_at": "2026-04-06T00:17:07.654008Z", "updated_at": "2026-04-10T03:28:28.732575Z", "deleted_at": null, "sha1_hash": "7e2f7b7e236a4e1d941224a88a083fcd7b0b8ce1", "title": "[Unnamed groups: North Korea] - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 63814, "plain_text": "[Unnamed groups: North Korea] - Threat Group Cards: A Threat\nActor Encyclopedia\nArchived: 2026-04-05 13:14:02 UTC\n APT group: [Unnamed groups: North Korea]\nNames [Unnamed groups: North Korea] (?)\nCountry North Korea\nMotivation Information theft and espionage\nFirst seen 2019\nDescription\nThese are reported APT activities attributed to a country, but not to an individual\nthreat group.\nObserved Countries: Worldwide.\nTools used\nOperations performed\nAug 2019\nSuspected North Korean Cyber Espionage Campaign Targets Multiple\nForeign Ministries and Think Tanks\nApr 2024\nOperation “DEV#POPPER”\nAnalysis of DEV#POPPER: New Attack Campaign Targeting\nSoftware Developers Likely Associated With North Korean Threat\nActors\nJul 2024\nResearch Update: Threat Actors Behind the DEV#POPPER Campaign\nHave Retooled and are Continuing to Target Software Developers via\nSocial Engineering\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=42a46962-999d-4cd2-bde5-c842e3efdd22\nPage 1 of 3\n\nAug 2024\nSouth Korea says DPRK hackers stole spy plane technical data\nOct 2024\nAPT Actors Embed Malware within macOS Flutter Applications\nCounter operations Jan 2019\nJustice Department Announces Court-Authorized Efforts to Map and\nDisrupt Botnet Used by North Korean Hackers\nInformation\nLast change to this card: 27 June 2025\nDownload this actor card in PDF or JSON format\n↑\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=42a46962-999d-4cd2-bde5-c842e3efdd22\nPage 2 of 3\n\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=42a46962-999d-4cd2-bde5-c842e3efdd22\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=42a46962-999d-4cd2-bde5-c842e3efdd22\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/showcard.cgi?u=42a46962-999d-4cd2-bde5-c842e3efdd22" ], "report_names": [ "showcard.cgi?u=42a46962-999d-4cd2-bde5-c842e3efdd22" ], "threat_actors": [ { "id": "8c6bd13a-7977-44ba-89d0-7b8c1240b244", "created_at": "2024-03-14T02:02:15.961249Z", "updated_at": "2026-04-10T02:00:04.990554Z", "deleted_at": null, "main_name": "[Unnamed groups: North Korea]", "aliases": [ "Operation DEV#POPPER" ], "source_name": "ETDA:[Unnamed groups: North Korea]", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "4fc99d9b-9b66-4516-b0db-520fbef049ed", "created_at": "2025-10-29T02:00:51.949631Z", "updated_at": "2026-04-10T02:00:05.346203Z", "deleted_at": null, "main_name": "Contagious Interview", "aliases": [ "Contagious Interview", "DeceptiveDevelopment", "Gwisin Gang", "Tenacious Pungsan", "DEV#POPPER", "PurpleBravo", "TAG-121" ], "source_name": "MITRE:Contagious Interview", "tools": [ "InvisibleFerret", "BeaverTail", "XORIndex Loader", "HexEval Loader" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434627, "ts_updated_at": 1775791708, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/7e2f7b7e236a4e1d941224a88a083fcd7b0b8ce1.pdf", "text": "https://archive.orkl.eu/7e2f7b7e236a4e1d941224a88a083fcd7b0b8ce1.txt", "img": "https://archive.orkl.eu/7e2f7b7e236a4e1d941224a88a083fcd7b0b8ce1.jpg" } }