{
	"id": "6ff8c096-ecd3-46de-9ed8-acdd471a8831",
	"created_at": "2026-04-06T00:07:08.187119Z",
	"updated_at": "2026-04-10T03:34:17.914705Z",
	"deleted_at": null,
	"sha1_hash": "86af6861e09548639ab4b6a7dc0d50229eb6d599",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48769,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 20:19:13 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Harpoon\r\n Tool: Harpoon\r\nNames\r\nHarpoon\r\nGarpun\r\nCategory Malware\r\nType Reconnaissance, Backdoor, Keylogger, Info stealer, Exfiltration\r\nDescription (Qihoo 360) [Google translated] Harpoon is a backdoor program for specific users\r\nindependently developed by the Golden Eagle (APT-C-34) organization, which is implemented\r\nusing Delphi. We obtained the instruction manual of the backdoor. The backdoor has powerful\r\ninformation collection functions, including screen captures, audio recordings, clipboard\r\nrecords, keyboard records, and stealing files with specific extensions.\r\nThe STS Harpoon program provides the following functions:\r\n• Keylogger\r\n• Clipboard record\r\n• Take screenshots of the active window on the desktop of the target computer at\r\npredetermined intervals;\r\n• List the contents of a given directory on the hard disk of the target computer;\r\n• Get Skype login name, contact list and chat messages;\r\n• Get Skype and Google Hangouts callers and voice records;\r\n• Record sound from the microphone and eavesdrop;\r\n• Copy the specified file from the target computer;\r\n• Automatically copy document files from removable media on the target computer;\r\n• Package all the intercepted and copied information into an encrypted dat file, and then save\r\nthem in the specified directory;\r\n• Send the obtained information to the specified FTP;\r\n• Run programs or operating system commands;\r\n• Download files from a given FTP and release them to a specified directory;\r\n• Remotely reconfigure and update components;\r\n• Receive information from a given FTP and automatically unzip the file to a specified\r\ndirectory;\r\n• Self-destruct\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e74394ee-e4ab-4642-aca4-fa84d0dcabbf\r\nPage 1 of 2\n\nThe information collected by the backdoor is encrypted and uploaded to the designated FTP\r\nserver. The related collected information is in the encrypted configuration file.\r\nInformation \u003chttp://blogs.360.cn/post/APT-C-34_Golden_Falcon.html\u003e\r\nLast change to this tool card: 20 April 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool Harpoon\r\nChanged Name Country Observed\r\nAPT groups\r\n  DustSquad, Golden Falcon 2014-2020  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e74394ee-e4ab-4642-aca4-fa84d0dcabbf\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e74394ee-e4ab-4642-aca4-fa84d0dcabbf\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e74394ee-e4ab-4642-aca4-fa84d0dcabbf"
	],
	"report_names": [
		"listgroups.cgi?u=e74394ee-e4ab-4642-aca4-fa84d0dcabbf"
	],
	"threat_actors": [
		{
			"id": "978775b9-369d-44f7-8a42-76d7b9cb42d5",
			"created_at": "2022-10-25T15:50:23.846105Z",
			"updated_at": "2026-04-10T02:00:05.36378Z",
			"deleted_at": null,
			"main_name": "Nomadic Octopus",
			"aliases": [
				"Nomadic Octopus",
				"DustSquad"
			],
			"source_name": "MITRE:Nomadic Octopus",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "70661552-6715-4750-bf4e-527055d3e7b4",
			"created_at": "2023-11-08T02:00:07.114392Z",
			"updated_at": "2026-04-10T02:00:03.417207Z",
			"deleted_at": null,
			"main_name": "DustSquad",
			"aliases": [
				"Nomadic Octopus"
			],
			"source_name": "MISPGALAXY:DustSquad",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "8b1844c0-671a-41e0-abb1-8abc556738b5",
			"created_at": "2023-01-06T13:46:39.074954Z",
			"updated_at": "2026-04-10T02:00:03.2046Z",
			"deleted_at": null,
			"main_name": "APT-C-34",
			"aliases": [
				"Golden Falcon"
			],
			"source_name": "MISPGALAXY:APT-C-34",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "f6fe4b4f-9694-4ffc-94ef-a0cc5aef94d9",
			"created_at": "2022-10-25T16:07:23.556112Z",
			"updated_at": "2026-04-10T02:00:04.655561Z",
			"deleted_at": null,
			"main_name": "DustSquad",
			"aliases": [
				"APT-C-34",
				"DustSquad",
				"G0133",
				"Golden Falcon",
				"Nomadic Octopus"
			],
			"source_name": "ETDA:DustSquad",
			"tools": [
				"Garpun",
				"Paperbug",
				"Remote Control System"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434028,
	"ts_updated_at": 1775792057,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/86af6861e09548639ab4b6a7dc0d50229eb6d599.pdf",
		"text": "https://archive.orkl.eu/86af6861e09548639ab4b6a7dc0d50229eb6d599.txt",
		"img": "https://archive.orkl.eu/86af6861e09548639ab4b6a7dc0d50229eb6d599.jpg"
	}
}