{
	"id": "78b84205-b826-4fb6-b61f-9681b4ea6ed2",
	"created_at": "2026-04-06T01:31:27.118612Z",
	"updated_at": "2026-04-10T03:31:24.628561Z",
	"deleted_at": null,
	"sha1_hash": "c554730f58c26554b099986b670aa8378d108538",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 53622,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 00:41:46 UTC\n APT group: OnionDog\nNames OnionDog (Qihoo 360)\nCountry South Korea\nMotivation Information theft and espionage\nFirst seen 2013\nDescription\nSeems to be a Cyber Drill that is conducted every year rather than an APT, according to findings from TrendMicro.\n(Qihoo 360) The Helios Team at 360 SkyEye Labs recently revealed that a hacker group named OnionDog has been infiltrating and steal\nenergy, transportation and other infrastructure industries of Korean-language countries through the Internet. According to big data correl\nactivity can be traced back to October, 2013 and in the following two years it was only active between late July and early September. Th\nattack is 15 days on average and is distinctly organizational and objective-oriented.\nOnionDog malware is transmitted by taking advantage of the vulnerability of the popular office software Hangul in Korean-language cou\nisolated targets through a USB Worm. In addition, OnionDog also used darkweb ('Onion City') communications tools, with which it can\nOnion browser, making its real identity hidden in the completely anonymous Tor network.\nObserved\nSectors: Energy, Government, Transportation, Utilities.\nCountries: South Korea.\nTools used Malware on USB stick.\nInformation\nLast change to this card: 14 April 2020\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=acc879e8-ecaf-4090-bebf-7ce411e19820\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=acc879e8-ecaf-4090-bebf-7ce411e19820\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=acc879e8-ecaf-4090-bebf-7ce411e19820"
	],
	"report_names": [
		"showcard.cgi?u=acc879e8-ecaf-4090-bebf-7ce411e19820"
	],
	"threat_actors": [
		{
			"id": "747b4660-9b3a-42cf-a773-6b1deea49184",
			"created_at": "2023-01-06T13:46:38.684133Z",
			"updated_at": "2026-04-10T02:00:03.067236Z",
			"deleted_at": null,
			"main_name": "OnionDog",
			"aliases": [],
			"source_name": "MISPGALAXY:OnionDog",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "77966817-8b8c-4098-bbba-2b157fbe41ea",
			"created_at": "2022-10-25T16:07:23.923066Z",
			"updated_at": "2026-04-10T02:00:04.791458Z",
			"deleted_at": null,
			"main_name": "OnionDog",
			"aliases": [],
			"source_name": "ETDA:OnionDog",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439087,
	"ts_updated_at": 1775791884,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c554730f58c26554b099986b670aa8378d108538.pdf",
		"text": "https://archive.orkl.eu/c554730f58c26554b099986b670aa8378d108538.txt",
		"img": "https://archive.orkl.eu/c554730f58c26554b099986b670aa8378d108538.jpg"
	}
}