{
	"id": "3375930f-447c-4bd0-8811-de087892b6f6",
	"created_at": "2026-04-06T01:29:42.167138Z",
	"updated_at": "2026-04-10T03:25:09.026331Z",
	"deleted_at": null,
	"sha1_hash": "a38414ed3bef24e7cdc8f00acb1badfbbc25cfb1",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 52376,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-06 00:44:17 UTC\r\nHome \u003e List all groups \u003e Tracer Kitten\r\n APT group: Tracer Kitten\r\nNames Tracer Kitten (CrowdStrike)\r\nCountry Iran\r\nMotivation Information theft and espionage\r\nFirst seen 2020\r\nDescription\r\n(CrowdStrike) In April 2020, OverWatch discovered Iran-based adversary TRACER KITTEN\r\nconducting malicious interactive activity against multiple hosts at a telecommunications\r\ncompany in the Europe, Middle East and Africa (EMEA) region. The actor was found\r\noperating under valid user accounts, using custom backdoors in combination with SSH tunnels\r\nfor C2. The adversary leveraged their foothold to conduct a variety of reconnaissance\r\nactivities, undertake credential harvesting and prepare for data exfiltration.\r\nTelecommunications is currently the third most frequently targeted vertical. This industry still\r\nremains firmly within the crosshairs for targeted attacks, the motivations of which are likely\r\nassociated with espionage and data theft objectives.\r\nObserved\r\nSectors: Telecommunications.\r\nCountries: Europe, Middle East and Africa.\r\nTools used\r\nInformation\r\n\u003chttps://go.crowdstrike.com/rs/281-OBQ-266/images/Report2020OverWatchNowheretoHide.pdf\u003e\r\nLast change to this card: 31 December 2022\r\nDownload this actor card in PDF or JSON format\r\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=cabd014b-5087-4ff8-b0c8-74202e82fa1d\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=cabd014b-5087-4ff8-b0c8-74202e82fa1d\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=cabd014b-5087-4ff8-b0c8-74202e82fa1d"
	],
	"report_names": [
		"showcard.cgi?u=cabd014b-5087-4ff8-b0c8-74202e82fa1d"
	],
	"threat_actors": [
		{
			"id": "1ed75079-f888-43b3-af65-f4ff97f91ba5",
			"created_at": "2022-10-25T16:07:23.286995Z",
			"updated_at": "2026-04-10T02:00:04.943959Z",
			"deleted_at": null,
			"main_name": "Tracer Kitten",
			"aliases": [],
			"source_name": "ETDA:Tracer Kitten",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "514a85a9-76e4-46fe-a6fa-98d15fcecc80",
			"created_at": "2023-01-06T13:46:39.172445Z",
			"updated_at": "2026-04-10T02:00:03.235476Z",
			"deleted_at": null,
			"main_name": "TRACER KITTEN",
			"aliases": [],
			"source_name": "MISPGALAXY:TRACER KITTEN",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775438982,
	"ts_updated_at": 1775791509,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a38414ed3bef24e7cdc8f00acb1badfbbc25cfb1.pdf",
		"text": "https://archive.orkl.eu/a38414ed3bef24e7cdc8f00acb1badfbbc25cfb1.txt",
		"img": "https://archive.orkl.eu/a38414ed3bef24e7cdc8f00acb1badfbbc25cfb1.jpg"
	}
}