{
	"id": "785fed20-251b-4938-ba9d-5a48173322ee",
	"created_at": "2026-04-06T00:18:00.253444Z",
	"updated_at": "2026-04-10T03:36:22.858763Z",
	"deleted_at": null,
	"sha1_hash": "c48ec1f3648b90977307c93b591cf6734df199ba",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 56461,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 14:41:39 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Tonnerre\n Tool: Tonnerre\nNames Tonnerre\nCategory Malware\nType Backdoor, Info stealer, Exfiltration\nDescription\n(Check Point) The malware contains 5 Delphi forms, with each one responsible for a different\ncapability:\nForm1 – Malware Installation and upgrading process.\nForm2 – Collects files from predefined folders – Documents, Downloads, Pictures and more.\nForm3 – Connects to an FTP server to exfiltrate collected data and get further commands.\nForm4 – Collects files from removable devices for exfiltration.\nForm5 – Uses the lame command line tool to record sound.\nInformation\nMalpedia Last change to this tool card: 24 April 2021\nDownload this tool card in JSON format\nAll groups using tool Tonnerre\nChanged Name Country Observed\nAPT groups\n Infy, Prince of Persia 2007-Feb 2017\n1 group listed (1 APT, 0 other, 0 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bdbeb269-24c2-494e-a6c0-aba5a0cb6e59\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bdbeb269-24c2-494e-a6c0-aba5a0cb6e59\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bdbeb269-24c2-494e-a6c0-aba5a0cb6e59\r\nPage 2 of 2\n\nAPT groups Infy, Prince of Persia 2007-Feb 2017 \n1 group listed (1 APT, 0 other, 0 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bdbeb269-24c2-494e-a6c0-aba5a0cb6e59"
	],
	"report_names": [
		"listgroups.cgi?u=bdbeb269-24c2-494e-a6c0-aba5a0cb6e59"
	],
	"threat_actors": [
		{
			"id": "f763fd1f-f697-40eb-a082-df6fd3d13cb1",
			"created_at": "2023-01-06T13:46:38.561288Z",
			"updated_at": "2026-04-10T02:00:03.024326Z",
			"deleted_at": null,
			"main_name": "Infy",
			"aliases": [
				"Operation Mermaid",
				"Prince of Persia",
				"Foudre"
			],
			"source_name": "MISPGALAXY:Infy",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "59c9f31b-e032-44b9-bf3b-4f2cb3d17e39",
			"created_at": "2022-10-25T16:07:23.734244Z",
			"updated_at": "2026-04-10T02:00:04.731031Z",
			"deleted_at": null,
			"main_name": "Infy",
			"aliases": [
				"APT-C-07",
				"Infy",
				"Operation Mermaid",
				"Prince of Persia"
			],
			"source_name": "ETDA:Infy",
			"tools": [
				"Foudre",
				"Infy",
				"Tonnerre"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434680,
	"ts_updated_at": 1775792182,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c48ec1f3648b90977307c93b591cf6734df199ba.pdf",
		"text": "https://archive.orkl.eu/c48ec1f3648b90977307c93b591cf6734df199ba.txt",
		"img": "https://archive.orkl.eu/c48ec1f3648b90977307c93b591cf6734df199ba.jpg"
	}
}