{
	"id": "9ac49f91-30a6-46fa-934e-f70cc18e0fff",
	"created_at": "2026-04-06T00:22:11.692255Z",
	"updated_at": "2026-04-10T13:12:21.739785Z",
	"deleted_at": null,
	"sha1_hash": "d28a214f7d8c31ba3c79a00302ede3a02873bf7b",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48955,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 21:24:55 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool IRONSQUIRREL\r\n Tool: IRONSQUIRREL\r\nNames IRONSQUIRREL\r\nCategory Exploits\r\nType 0-day, Loader\r\nDescription\r\nThis project aims at delivering browser exploits to the victim browser in an encrypted fashion.\r\nEllyptic-curve Diffie-Hellman (secp256k1) is used for key agreement and AES is used for\r\nencryption.\r\nBy delivering the exploit code (and shellcode) to the victim in an encrypted way, the attack can\r\nnot be replayed. Meanwhile the HTML/JS source is encrypted thus reverse engineering the\r\nexploit is significantly harder.\r\nInformation \u003chttps://github.com/MRGEffitas/Ironsquirrel\u003e\r\nLast change to this tool card: 22 April 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool IRONSQUIRREL\r\nChanged Name Country Observed\r\nAPT groups\r\n  Poison Carp, Evil Eye 2018-Jun 2023\r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c2b9177b-36f5-4ee4-be17-d764909e266a\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c2b9177b-36f5-4ee4-be17-d764909e266a\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c2b9177b-36f5-4ee4-be17-d764909e266a"
	],
	"report_names": [
		"listgroups.cgi?u=c2b9177b-36f5-4ee4-be17-d764909e266a"
	],
	"threat_actors": [
		{
			"id": "f0ebaf6d-5e1a-4ed7-aa2c-0e69a648acea",
			"created_at": "2022-10-25T16:07:23.597455Z",
			"updated_at": "2026-04-10T02:00:04.683154Z",
			"deleted_at": null,
			"main_name": "Evil Eye",
			"aliases": [],
			"source_name": "ETDA:Evil Eye",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "52973e5f-9656-4b60-b7f8-457e32ac4bbe",
			"created_at": "2023-01-06T13:46:39.056888Z",
			"updated_at": "2026-04-10T02:00:03.198866Z",
			"deleted_at": null,
			"main_name": "POISON CARP",
			"aliases": [
				"Evil Eye",
				"Red Dev 16",
				"Earth Empusa"
			],
			"source_name": "MISPGALAXY:POISON CARP",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d2a5c949-7ae0-4610-8bb8-047ab03b1574",
			"created_at": "2022-10-25T16:07:24.064197Z",
			"updated_at": "2026-04-10T02:00:04.856578Z",
			"deleted_at": null,
			"main_name": "Poison Carp",
			"aliases": [
				"Earth Empusa",
				"Evil Eye",
				"EvilBamboo",
				"Poison Carp",
				"Red Dev 16",
				"Sentinel Taurus"
			],
			"source_name": "ETDA:Poison Carp",
			"tools": [
				"ActionSpy",
				"AxeSpy",
				"BADSIGNAL",
				"BADSOLAR",
				"BadBazaar",
				"IRONSQUIRREL",
				"IceCube",
				"MOONSHINE",
				"PoisonCarp"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434931,
	"ts_updated_at": 1775826741,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d28a214f7d8c31ba3c79a00302ede3a02873bf7b.pdf",
		"text": "https://archive.orkl.eu/d28a214f7d8c31ba3c79a00302ede3a02873bf7b.txt",
		"img": "https://archive.orkl.eu/d28a214f7d8c31ba3c79a00302ede3a02873bf7b.jpg"
	}
}