{
	"id": "2be317d9-10d0-4f8f-a90e-8f93e51a45aa",
	"created_at": "2026-04-06T00:12:17.436419Z",
	"updated_at": "2026-04-10T13:11:29.274845Z",
	"deleted_at": null,
	"sha1_hash": "b7fa648498440762baebd335fac60fe4979a858e",
	"title": "Mandiant APT 42 Report | Mandiant",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 54680,
	"plain_text": "Mandiant APT 42 Report | Mandiant\r\nArchived: 2026-04-02 11:24:56 UTC\r\nConsulting\r\nIntelligence\r\nManaged Services\r\nSolutions\r\nProducts\r\nResources\r\nSign in to Advantage\r\nGet Started\r\nMandiant is now part of Google Cloud and continues to provide product-agnostic cybersecurity consulting and\r\nintelligence services to organizations. Learn More \u003e\r\nContact us\r\nreport_problemIncident Response Assistance\r\nBreadcrumb\r\n1. Home\r\n2. Mandiant APT 42 Report\r\nFile\r\napt42-report-mandiant.pdf (2.5 MB)\r\nSource: https://www.mandiant.com/media/17826\r\nhttps://www.mandiant.com/media/17826\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"MITRE",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.mandiant.com/media/17826"
	],
	"report_names": [
		"17826"
	],
	"threat_actors": [
		{
			"id": "9f778366-a4a7-42f1-ab1e-362aa065ee4f",
			"created_at": "2022-10-25T16:07:23.362157Z",
			"updated_at": "2026-04-10T02:00:04.562925Z",
			"deleted_at": null,
			"main_name": "APT 42",
			"aliases": [
				"GreenBravo"
			],
			"source_name": "ETDA:APT 42",
			"tools": [
				"BROKEYOLK",
				"CHAIRSMACK",
				"CORRUPT KITTEN",
				"DOSTEALER",
				"GORBLE",
				"Ghambar",
				"MAGICDROP",
				"PINEFLOWER",
				"POWERPOST",
				"SILENTUPLOADER",
				"TABBYCAT",
				"TAMECAT",
				"VBREVSHELL",
				"VINETHORN"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d0e8337e-16a7-48f2-90cf-8fd09a7198d1",
			"created_at": "2023-03-04T02:01:54.091301Z",
			"updated_at": "2026-04-10T02:00:03.356317Z",
			"deleted_at": null,
			"main_name": "APT42",
			"aliases": [
				"UNC788",
				"CALANQUE"
			],
			"source_name": "MISPGALAXY:APT42",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "99c7aace-96b1-445b-87e7-d8bdd01d5e03",
			"created_at": "2025-08-07T02:03:24.746965Z",
			"updated_at": "2026-04-10T02:00:03.640335Z",
			"deleted_at": null,
			"main_name": "COBALT ILLUSION",
			"aliases": [
				"APT35 ",
				"APT42 ",
				"Agent Serpens Palo Alto",
				"Charming Kitten ",
				"CharmingCypress ",
				"Educated Manticore Checkpoint",
				"ITG18 ",
				"Magic Hound ",
				"Mint Sandstorm sub-group ",
				"NewsBeef ",
				"Newscaster ",
				"PHOSPHORUS sub-group ",
				"TA453 ",
				"UNC788 ",
				"Yellow Garuda "
			],
			"source_name": "Secureworks:COBALT ILLUSION",
			"tools": [
				"Browser Exploitation Framework (BeEF)",
				"MagicHound Toolset",
				"PupyRAT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "0b212c43-009a-4205-a1f7-545c5e4cfdf8",
			"created_at": "2025-04-23T02:00:55.275208Z",
			"updated_at": "2026-04-10T02:00:05.270553Z",
			"deleted_at": null,
			"main_name": "APT42",
			"aliases": [
				"APT42"
			],
			"source_name": "MITRE:APT42",
			"tools": [
				"NICECURL",
				"TAMECAT"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434337,
	"ts_updated_at": 1775826689,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b7fa648498440762baebd335fac60fe4979a858e.pdf",
		"text": "https://archive.orkl.eu/b7fa648498440762baebd335fac60fe4979a858e.txt",
		"img": "https://archive.orkl.eu/b7fa648498440762baebd335fac60fe4979a858e.jpg"
	}
}