{
	"id": "7d422da0-e66b-40f5-b51d-37081a9af603",
	"created_at": "2026-04-06T00:16:09.716262Z",
	"updated_at": "2026-04-10T13:11:33.498941Z",
	"deleted_at": null,
	"sha1_hash": "cf1e2c2d7d4190abe690b9874954e3b7250a59b9",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 42794,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:48:50 UTC\n APT group: Indra\nNames Indra (self given)\nCountry [Unknown]\nMotivation Sabotage and destruction\nFirst seen 2019\nDescription\n(Check Point) Check Point Research (CPR) warns governments everywhere of the importance\nof protecting critical infrastructure, as it learns that the July 9 cyber attack on Iran’s train\nsystem was carried out by Indra, a group that identifies itself as regime opposition and has the\ncapability to wipe out data without direct means for recovery.\n• CPR analyzed artifacts left by the July 9 cyber attack on Iran’s train system, attributing the\nattacks to a group that self-identifies as Indra\n• CPR confirms that Indra was also responsible for cyber attacks against multiple companies in\nSyria in 2019 and 2020\n• CPR cites cyber attack on Iran’s train system as an example for governments around the\nworld of how a single group can create disruption on critical infrastructure\nObserved\nSectors: Energy, Transportation.\nCountries: Iran, Syria.\nTools used Comet.\nInformation\nLast change to this card: 01 November 2021\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=f5b73f45-308f-49db-b275-890a15a85221\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=f5b73f45-308f-49db-b275-890a15a85221\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=f5b73f45-308f-49db-b275-890a15a85221"
	],
	"report_names": [
		"showcard.cgi?u=f5b73f45-308f-49db-b275-890a15a85221"
	],
	"threat_actors": [
		{
			"id": "8309f9cf-9abb-4ce3-aa1e-cda7d7f5c1b3",
			"created_at": "2022-10-25T16:07:23.729215Z",
			"updated_at": "2026-04-10T02:00:04.729076Z",
			"deleted_at": null,
			"main_name": "Indra",
			"aliases": [],
			"source_name": "ETDA:Indra",
			"tools": [
				"Stardust"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "8d28f58b-5ea2-4450-a74a-4a1e39caba6e",
			"created_at": "2026-03-16T02:02:50.582318Z",
			"updated_at": "2026-04-10T02:00:03.777263Z",
			"deleted_at": null,
			"main_name": "COASTLIGHT",
			"aliases": [
				"Gonjeshke Darande",
				"Indra",
				"Predatory Sparrow"
			],
			"source_name": "Secureworks:COASTLIGHT",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "219ddb41-2ea8-4121-8b63-8c762f7e15df",
			"created_at": "2023-01-06T13:46:39.384442Z",
			"updated_at": "2026-04-10T02:00:03.309654Z",
			"deleted_at": null,
			"main_name": "Predatory Sparrow",
			"aliases": [
				"Indra",
				"Gonjeshke Darande"
			],
			"source_name": "MISPGALAXY:Predatory Sparrow",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434569,
	"ts_updated_at": 1775826693,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cf1e2c2d7d4190abe690b9874954e3b7250a59b9.pdf",
		"text": "https://archive.orkl.eu/cf1e2c2d7d4190abe690b9874954e3b7250a59b9.txt",
		"img": "https://archive.orkl.eu/cf1e2c2d7d4190abe690b9874954e3b7250a59b9.jpg"
	}
}