{
	"id": "aa3ba963-d508-439e-919c-f9ff34543921",
	"created_at": "2026-04-06T03:37:28.371065Z",
	"updated_at": "2026-04-10T13:11:58.005415Z",
	"deleted_at": null,
	"sha1_hash": "bee6051effb4934ef63ca3ff7b887538dd31ef17",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47426,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 02:57:34 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool GnatSpy\n Tool: GnatSpy\nNames GnatSpy\nCategory Malware\nType Backdoor, Info stealer\nDescription\n(Trend Micro) The capabilities of GnatSpy are similar to early versions of VAMP.\nHowever, there have been some changes in its behavior that highlight the increasing\nsophistication of this particular threat actor.\nThe structure of the new GnatSpy variants is very different from previous variants. More\nreceivers and services have been added, making this malware more capable and modular.\nWe believe this indicates that GnatSpy was designed by someone with more knowledge in\ngood software design practices compared to previous authors.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 28 December 2021\nDownload this tool card in JSON format\nAll groups using tool GnatSpy\nChanged Name Country Observed\nAPT groups\n Desert Falcons [Gaza] 2011-Oct 2023\n1 group listed (1 APT, 0 other, 0 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=317172df-e1b1-4816-aa5a-4b3504e123b6\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=317172df-e1b1-4816-aa5a-4b3504e123b6\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=317172df-e1b1-4816-aa5a-4b3504e123b6\r\nPage 2 of 2\n\nAPT groups Desert Falcons [Gaza] 2011-Oct 2023\n1 group listed (1 APT, 0 other, 0 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=317172df-e1b1-4816-aa5a-4b3504e123b6"
	],
	"report_names": [
		"listgroups.cgi?u=317172df-e1b1-4816-aa5a-4b3504e123b6"
	],
	"threat_actors": [
		{
			"id": "9ff60d4d-153b-4ed5-a2f7-18a21d2fa05d",
			"created_at": "2022-10-25T16:07:23.539852Z",
			"updated_at": "2026-04-10T02:00:04.647734Z",
			"deleted_at": null,
			"main_name": "Desert Falcons",
			"aliases": [
				"APT-C-23",
				"ATK 66",
				"Arid Viper",
				"Niobium",
				"Operation Arid Viper",
				"Operation Bearded Barbie",
				"Operation Rebound",
				"Pinstripe Lightning",
				"Renegade Jackal",
				"TAG-63",
				"TAG-CT1",
				"Two-tailed Scorpion"
			],
			"source_name": "ETDA:Desert Falcons",
			"tools": [
				"AridSpy",
				"Barb(ie) Downloader",
				"BarbWire",
				"Desert Scorpion",
				"FrozenCell",
				"GlanceLove",
				"GnatSpy",
				"KasperAgent",
				"Micropsia",
				"PyMICROPSIA",
				"SpyC23",
				"Viper RAT",
				"ViperRAT",
				"VolatileVenom",
				"WinkChat",
				"android.micropsia"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775446648,
	"ts_updated_at": 1775826718,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bee6051effb4934ef63ca3ff7b887538dd31ef17.pdf",
		"text": "https://archive.orkl.eu/bee6051effb4934ef63ca3ff7b887538dd31ef17.txt",
		"img": "https://archive.orkl.eu/bee6051effb4934ef63ca3ff7b887538dd31ef17.jpg"
	}
}