{ "id": "f8d8e5f7-f1d9-4504-9f8a-cb78c804de0d", "created_at": "2026-04-06T00:07:27.292479Z", "updated_at": "2026-04-10T03:29:45.28673Z", "deleted_at": null, "sha1_hash": "d1c8ef3e73620ddfd221ebf4cbd6b15d84592fe1", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 59415, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 23:04:53 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool EQUATIONDRUG\n Tool: EQUATIONDRUG\nNames\nEQUATIONDRUG\nEQUESTRE\nCategory Malware\nType Backdoor\nDescription\n(Kaspersky) EquationDrug is one of the main espionage platforms used by the Equation\nGroup, a highly sophisticated threat actor that has been engaged in multiple CNE\n(computer network exploitation) operations dating back to 2001, and perhaps as early as\n1996.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 13 May 2020\nDownload this tool card in JSON format\nAll groups using tool EQUATIONDRUG\nChanged Name Country Observed\nAPT groups\n Equation Group 2001-Aug 2016\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c6f4d24f-a693-4954-9a8f-4bbfd17d8341\nPage 1 of 2\n\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c6f4d24f-a693-4954-9a8f-4bbfd17d8341\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c6f4d24f-a693-4954-9a8f-4bbfd17d8341\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c6f4d24f-a693-4954-9a8f-4bbfd17d8341" ], "report_names": [ "listgroups.cgi?u=c6f4d24f-a693-4954-9a8f-4bbfd17d8341" ], "threat_actors": [ { "id": "b740943a-da51-4133-855b-df29822531ea", "created_at": "2022-10-25T15:50:23.604126Z", "updated_at": "2026-04-10T02:00:05.259593Z", "deleted_at": null, "main_name": "Equation", "aliases": [ "Equation" ], "source_name": "MITRE:Equation", "tools": null, "source_id": "MITRE", "reports": null }, { "id": "08623296-52be-4977-8622-50efda44e9cc", "created_at": "2023-01-06T13:46:38.549387Z", "updated_at": "2026-04-10T02:00:03.020003Z", "deleted_at": null, "main_name": "Equation Group", "aliases": [ "Tilded Team", "EQGRP", "G0020" ], "source_name": "MISPGALAXY:Equation Group", "tools": [ "TripleFantasy", "GrayFish", "EquationLaser", "EquationDrug", "DoubleFantasy" ], "source_id": "MISPGALAXY", "reports": null }, { "id": "2d9fbbd7-e4c3-40e5-b751-27af27c8610b", "created_at": "2024-05-01T02:03:08.144214Z", "updated_at": "2026-04-10T02:00:03.674763Z", "deleted_at": null, "main_name": "PLATINUM COLONY", "aliases": [ "Equation Group " ], "source_name": "Secureworks:PLATINUM COLONY", "tools": [ "DoubleFantasy", "EquationDrug", "EquationLaser", "Fanny", "GrayFish", "TripleFantasy" ], "source_id": "Secureworks", "reports": null }, { "id": "e0fed6e6-a593-4041-80ef-694261825937", "created_at": "2022-10-25T16:07:23.593572Z", "updated_at": "2026-04-10T02:00:04.680752Z", "deleted_at": null, "main_name": "Equation Group", "aliases": [ "APT-C-40", "G0020", "Platinum Colony", "Tilded Team" ], "source_name": "ETDA:Equation Group", "tools": [ "Bvp47", "DEMENTIAWHEEL", "DOUBLEFANTASY", "DanderSpritz", "DarkPulsar", "DoubleFantasy", "DoubleFeature", "DoublePulsar", "Duqu", "EQUATIONDRUG", "EQUATIONLASER", "EQUESTRE", "Flamer", "GRAYFISH", "GROK", "OddJob", "Plexor", "Prax", "Regin", "Skywiper", "TRIPLEFANTASY", "Tilded", "UNITEDRAKE", "WarriorPride", "sKyWIper" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434047, "ts_updated_at": 1775791785, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/d1c8ef3e73620ddfd221ebf4cbd6b15d84592fe1.pdf", "text": "https://archive.orkl.eu/d1c8ef3e73620ddfd221ebf4cbd6b15d84592fe1.txt", "img": "https://archive.orkl.eu/d1c8ef3e73620ddfd221ebf4cbd6b15d84592fe1.jpg" } }