{ "id": "07084904-e96e-49b9-9449-a83da2260bf6", "created_at": "2026-04-06T00:21:59.513809Z", "updated_at": "2026-04-10T03:33:24.136671Z", "deleted_at": null, "sha1_hash": "a0292d20b667d1566295e15e431ddb760d32f60e", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 48791, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 19:51:05 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool TranslucentGh0st\r\n Tool: TranslucentGh0st\r\nNames TranslucentGh0st\r\nCategory Malware\r\nType Backdoor\r\nDescription\r\n(\u003chttps://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf}Bitdefender\u003e) A Variant of Gh0st RAT. The analysis and comparison of\r\nEtherealGh0st and TranslucentGh0st showed that TranslucentGh0st is the predecessor of the\r\nEtherealGh0st. The difference between these two is that TranslucentGh0st uses byte constants\r\nto determine the command to interpret.\r\nThe c2 address is base64 encoded and encrypted with a byte-XOR with 0x28 and SUB 0xC.\r\nThe port is hardcoded into the binary in plain.\r\nInformation\r\n\u003chttps://blogapp.bitdefender.com/labs/content/files/2024/05/Bitdefender-Report-DeepDive-creat7721-en_EN.pdf\u003e\r\nLast change to this tool card: 18 June 2024\r\nDownload this tool card in JSON format\r\nAll groups using tool TranslucentGh0st\r\nChanged Name Country Observed\r\nAPT groups\r\n  Unfading Sea Haze 2018  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c7fe67ce-9ef6-495a-9b4c-b5c7fb2e4c63\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c7fe67ce-9ef6-495a-9b4c-b5c7fb2e4c63\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c7fe67ce-9ef6-495a-9b4c-b5c7fb2e4c63" ], "report_names": [ "listgroups.cgi?u=c7fe67ce-9ef6-495a-9b4c-b5c7fb2e4c63" ], "threat_actors": [ { "id": "f51de4ba-d3f5-4df7-ab5a-034b32584e48", "created_at": "2024-06-20T02:02:10.208158Z", "updated_at": "2026-04-10T02:00:04.960754Z", "deleted_at": null, "main_name": "Unfading Sea Haze", "aliases": [], "source_name": "ETDA:Unfading Sea Haze", "tools": [ "DustyExfilTool", "EtherealGh0st", "FluffyGh0st", "InsidiousGh0st", "Ps2dllLoader", "SerialPktdoor", "SharpJSHandler", "SharpZulip", "SilentGh0st", "Stubbedoor", "TranslucentGh0st", "xkeylog" ], "source_id": "ETDA", "reports": null }, { "id": "cd48e0e6-b206-478d-bcb4-198be54bdf7a", "created_at": "2024-06-07T02:00:04.002734Z", "updated_at": "2026-04-10T02:00:03.644376Z", "deleted_at": null, "main_name": "Unfading Sea Haze", "aliases": [], "source_name": "MISPGALAXY:Unfading Sea Haze", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434919, "ts_updated_at": 1775792004, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/a0292d20b667d1566295e15e431ddb760d32f60e.pdf", "text": "https://archive.orkl.eu/a0292d20b667d1566295e15e431ddb760d32f60e.txt", "img": "https://archive.orkl.eu/a0292d20b667d1566295e15e431ddb760d32f60e.jpg" } }