{
	"id": "088cddab-8478-4d0b-833d-7ce84081516b",
	"created_at": "2026-04-06T00:16:22.70723Z",
	"updated_at": "2026-04-10T13:12:24.760339Z",
	"deleted_at": null,
	"sha1_hash": "b1ced868349b36b7a5bd639bcbb023c9fba1376b",
	"title": "Fishing Elephant - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44110,
	"plain_text": "Fishing Elephant - Threat Group Cards: A Threat Actor\nEncyclopedia\nArchived: 2026-04-05 14:37:50 UTC\nHome \u003e List all groups \u003e Fishing Elephant\n APT group: Fishing Elephant\nNames Fishing Elephant (Kaspersky)\nCountry [Unknown]\nMotivation Information theft and espionage\nFirst seen 2019\nDescription\n(Kaspersky) During the last months of 2019, we observed an ongoing campaign conducted by\nFishing Elephant. The group continues to use both Heroku and Dropbox in order to deliver its\ntool of choice, AresRAT. We discovered that the actor incorporated a new technique into its\noperations that is meant to hinder manual and automatic analysis – geo-fencing and hiding\nexecutables within certificate files. During our research, we also detected a change in\nvictimology that may reflect the current interests of the threat actor: the group is targeting\ngovernment and diplomatic entities in Turkey, Pakistan, Bangladesh, Ukraine and China.\nObserved\nSectors: Government.\nCountries: Bangladesh, China, Pakistan, Turkey, Ukraine.\nTools used AresRAT.\nInformation Last change to this card: 01 May 2020\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=05bd08d3-867d-4e59-a08c-8fda0fa883a7\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=05bd08d3-867d-4e59-a08c-8fda0fa883a7\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=05bd08d3-867d-4e59-a08c-8fda0fa883a7"
	],
	"report_names": [
		"showcard.cgi?u=05bd08d3-867d-4e59-a08c-8fda0fa883a7"
	],
	"threat_actors": [
		{
			"id": "ee5490f7-ac43-4908-85c4-a5f6fa5a1c51",
			"created_at": "2022-10-25T16:07:23.642491Z",
			"updated_at": "2026-04-10T02:00:04.69794Z",
			"deleted_at": null,
			"main_name": "Fishing Elephant",
			"aliases": [],
			"source_name": "ETDA:Fishing Elephant",
			"tools": [
				"AresRAT"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "84f7f3ff-feef-4966-963b-523c828773d2",
			"created_at": "2024-02-06T02:00:04.131601Z",
			"updated_at": "2026-04-10T02:00:03.575609Z",
			"deleted_at": null,
			"main_name": "Fishing Elephant",
			"aliases": [
				"Outrider Tiger"
			],
			"source_name": "MISPGALAXY:Fishing Elephant",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434582,
	"ts_updated_at": 1775826744,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b1ced868349b36b7a5bd639bcbb023c9fba1376b.pdf",
		"text": "https://archive.orkl.eu/b1ced868349b36b7a5bd639bcbb023c9fba1376b.txt",
		"img": "https://archive.orkl.eu/b1ced868349b36b7a5bd639bcbb023c9fba1376b.jpg"
	}
}