{
	"id": "3fa40d69-68bb-4f2e-bebe-462cdbdf3c9a",
	"created_at": "2026-04-06T00:06:51.376297Z",
	"updated_at": "2026-04-10T13:11:46.478495Z",
	"deleted_at": null,
	"sha1_hash": "8e872c7bddeda1090a2b1634e375d5b85f9c1db8",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45235,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 15:13:10 UTC\n APT group: Allanite\nNames\nAllanite (Dragos)\nPalmetto Fusion (DHS)\nG1000 (MITRE)\nCountry [Unknown]\nMotivation Information theft and espionage\nFirst seen 2017\nDescription\n(Dragos) Allanite accesses business and industrial control (ICS) networks, conducts\nreconnaissance, and gathers intelligence in United States and United Kingdom electric\nutility sectors. Dragos assesses with moderate confidence that Allanite operators\ncontinue to maintain ICS network access to: (1) understand the operational environment\nnecessary to develop disruptive capabilities, (2) have ready access from which to disrupt\nelectric utilities.\nAllanite uses email phishing campaigns and compromised websites called watering\nholes to steal credentials and gain access to target networks, including collecting and\ndistributing screenshots of industrial control systems. Allanite operations limit\nthemselves to information gathering and have not demonstrated any disruptive or\ndamaging capabilities.\nAllanite conducts malware-less operations primarily leveraging legitimate and available\ntools in the Windows operating system.\nObserved\nSectors: Energy.\nCountries: UK, USA.\nTools used Inveigh, PsExec, SecreetsDump, THC Hydra and Powershell scripts.\nInformation MITRE ATT\u0026CK Last change to this card: 16 August 2025\nDownload this actor card in PDF or JSON format\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=3f52e219-e79f-44e8-81b3-3e36441fd20b\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=3f52e219-e79f-44e8-81b3-3e36441fd20b\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=3f52e219-e79f-44e8-81b3-3e36441fd20b\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=3f52e219-e79f-44e8-81b3-3e36441fd20b"
	],
	"report_names": [
		"showcard.cgi?u=3f52e219-e79f-44e8-81b3-3e36441fd20b"
	],
	"threat_actors": [
		{
			"id": "a792743d-78a4-40c9-9d9a-a12c52880297",
			"created_at": "2023-01-06T13:46:38.75457Z",
			"updated_at": "2026-04-10T02:00:03.089271Z",
			"deleted_at": null,
			"main_name": "ALLANITE",
			"aliases": [
				"Palmetto Fusion",
				"Allanite"
			],
			"source_name": "MISPGALAXY:ALLANITE",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "1a76ed30-4daf-4817-98ae-87c667364464",
			"created_at": "2022-10-25T16:47:55.891029Z",
			"updated_at": "2026-04-10T02:00:03.646466Z",
			"deleted_at": null,
			"main_name": "IRON LIBERTY",
			"aliases": [
				"ALLANITE ",
				"ATK6 ",
				"BROMINE ",
				"CASTLE ",
				"Crouching Yeti ",
				"DYMALLOY ",
				"Dragonfly ",
				"Energetic Bear / Berserk Bear ",
				"Ghost Blizzard ",
				"TEMP.Isotope ",
				"TG-4192 "
			],
			"source_name": "Secureworks:IRON LIBERTY",
			"tools": [
				"ClientX",
				"Ddex Loader",
				"Havex",
				"Karagany",
				"Loek",
				"MCMD",
				"Sysmain",
				"xfrost"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "0a0132a3-526d-4698-be49-5e75530c1417",
			"created_at": "2022-10-25T15:50:23.856139Z",
			"updated_at": "2026-04-10T02:00:05.42054Z",
			"deleted_at": null,
			"main_name": "ALLANITE",
			"aliases": [
				"ALLANITE",
				"Palmetto Fusion"
			],
			"source_name": "MITRE:ALLANITE",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "1c4281e9-0a4c-4f20-94a2-25ed3661cc98",
			"created_at": "2022-10-25T16:07:23.301826Z",
			"updated_at": "2026-04-10T02:00:04.529332Z",
			"deleted_at": null,
			"main_name": "Allanite",
			"aliases": [
				"G1000",
				"Palmetto Fusion"
			],
			"source_name": "ETDA:Allanite",
			"tools": [
				"PsExec",
				"SecreetsDump",
				"THC Hydra"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "5cbf6c32-482d-4cd2-9d11-0d9311acdc28",
			"created_at": "2023-01-06T13:46:38.39927Z",
			"updated_at": "2026-04-10T02:00:02.958273Z",
			"deleted_at": null,
			"main_name": "ENERGETIC BEAR",
			"aliases": [
				"BERSERK BEAR",
				"ALLANITE",
				"Group 24",
				"Koala Team",
				"G0035",
				"ATK6",
				"ITG15",
				"DYMALLOY",
				"TG-4192",
				"Crouching Yeti",
				"Havex",
				"IRON LIBERTY",
				"Blue Kraken",
				"Ghost Blizzard"
			],
			"source_name": "MISPGALAXY:ENERGETIC BEAR",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434011,
	"ts_updated_at": 1775826706,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8e872c7bddeda1090a2b1634e375d5b85f9c1db8.pdf",
		"text": "https://archive.orkl.eu/8e872c7bddeda1090a2b1634e375d5b85f9c1db8.txt",
		"img": "https://archive.orkl.eu/8e872c7bddeda1090a2b1634e375d5b85f9c1db8.jpg"
	}
}