{
	"id": "d68ffdb6-0bbc-481c-8a1d-4cf372d95b25",
	"created_at": "2026-04-06T00:17:42.532105Z",
	"updated_at": "2026-04-10T03:34:44.540058Z",
	"deleted_at": null,
	"sha1_hash": "8e2a42bdbdfd27f1c014d99d33a17675b8ceb60e",
	"title": "Voltzite Threat Group | Dragos",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28054,
	"plain_text": "Voltzite Threat Group | Dragos\r\nBy September 4, 2025 11:23 AM\r\nArchived: 2026-04-05 16:47:52 UTC\r\nDragos threat intelligence leverages the Dragos Platform, our threat operations center, and other sources to\r\nprovide comprehensive insight into threats affecting industrial control security and safety worldwide. Dragos does\r\nnot corroborate nor conduct political attribution to threat activity. Dragos instead focuses on threat behaviors and\r\nappropriate detection and response. Read more about Dragos’s approach to categorizing threat activity and\r\nattribution.\r\nDragos does not publicly describe ICS threat group technical details except in extraordinary circumstances in\r\norder to limit tradecraft proliferation. However, full details of threat group tools, techniques, procedures, and\r\ninfrastructure are available to network defenders via Dragos WorldView.\r\nSource: https://www.dragos.com/threat/voltzite/\r\nhttps://www.dragos.com/threat/voltzite/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"MISPGALAXY"
	],
	"references": [
		"https://www.dragos.com/threat/voltzite/"
	],
	"report_names": [
		"voltzite"
	],
	"threat_actors": [
		{
			"id": "846522d7-29cb-4a0c-8ebe-ffba7429e2d7",
			"created_at": "2023-06-23T02:04:34.793629Z",
			"updated_at": "2026-04-10T02:00:04.971054Z",
			"deleted_at": null,
			"main_name": "Volt Typhoon",
			"aliases": [
				"Bronze Silhouette",
				"Dev-0391",
				"Insidious Taurus",
				"Redfly",
				"Storm-0391",
				"UAT-5918",
				"UAT-7237",
				"UNC3236",
				"VOLTZITE",
				"Vanguard Panda"
			],
			"source_name": "ETDA:Volt Typhoon",
			"tools": [
				"FRP",
				"Fast Reverse Proxy",
				"Impacket",
				"LOLBAS",
				"LOLBins",
				"Living off the Land"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "a88747e2-ffed-45d8-b847-8464361b2254",
			"created_at": "2023-11-01T02:01:06.605663Z",
			"updated_at": "2026-04-10T02:00:05.289908Z",
			"deleted_at": null,
			"main_name": "Volt Typhoon",
			"aliases": [
				"Volt Typhoon",
				"BRONZE SILHOUETTE",
				"Vanguard Panda",
				"DEV-0391",
				"UNC3236",
				"Voltzite",
				"Insidious Taurus"
			],
			"source_name": "MITRE:Volt Typhoon",
			"tools": [
				"netsh",
				"PsExec",
				"ipconfig",
				"Wevtutil",
				"VersaMem",
				"Tasklist",
				"Mimikatz",
				"Impacket",
				"Systeminfo",
				"netstat",
				"Nltest",
				"certutil",
				"FRP",
				"cmd"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "49b3063e-a96c-4a43-b28b-1c380ae6a64b",
			"created_at": "2025-08-07T02:03:24.661509Z",
			"updated_at": "2026-04-10T02:00:03.644548Z",
			"deleted_at": null,
			"main_name": "BRONZE SILHOUETTE",
			"aliases": [
				"Dev-0391 ",
				"Insidious Taurus ",
				"UNC3236 ",
				"Vanguard Panda ",
				"Volt Typhoon ",
				"Voltzite "
			],
			"source_name": "Secureworks:BRONZE SILHOUETTE",
			"tools": [
				"Living-off-the-land binaries",
				"Web shells"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "4ed2b20c-7523-4852-833b-cebee8029f55",
			"created_at": "2023-05-26T02:02:03.524749Z",
			"updated_at": "2026-04-10T02:00:03.366175Z",
			"deleted_at": null,
			"main_name": "Volt Typhoon",
			"aliases": [
				"BRONZE SILHOUETTE",
				"VANGUARD PANDA",
				"UNC3236",
				"Insidious Taurus",
				"VOLTZITE",
				"Dev-0391",
				"Storm-0391"
			],
			"source_name": "MISPGALAXY:Volt Typhoon",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434662,
	"ts_updated_at": 1775792084,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8e2a42bdbdfd27f1c014d99d33a17675b8ceb60e.pdf",
		"text": "https://archive.orkl.eu/8e2a42bdbdfd27f1c014d99d33a17675b8ceb60e.txt",
		"img": "https://archive.orkl.eu/8e2a42bdbdfd27f1c014d99d33a17675b8ceb60e.jpg"
	}
}