{
	"id": "f7688655-09d5-4dcd-a512-334674bb2185",
	"created_at": "2026-04-06T03:36:43.548837Z",
	"updated_at": "2026-04-10T03:23:55.90399Z",
	"deleted_at": null,
	"sha1_hash": "d372e68a31c224bea9f1f88e32bd32d7c599db4b",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41761,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 03:25:30 UTC\n APT group: Karkadann\nNames Karkadann (Kaspersky)\nCountry [Unknown]\nMotivation Information theft and espionage\nFirst seen 2020\nDescription\n(Kaspersky) Karkadann is a threat actor that has been targeting government bodies and news\noutlets in the Middle East since at least October 2020. The threat actor leverages tailor-made\nmalicious documents with embedded macros that trigger an infection chain, opening a URL in\nInternet Explorer. The minimal functionality present in the macros and the browser\nspecification suggest that the threat actor might be exploiting a privilege-escalation\nvulnerability in Internet Explorer. Despite the small amount of evidence available for analysis\nin the Karkadann case, we were able to find several similarities to the Piwiks case, a watering-hole attack we discovered that targeted multiple prominent websites in the Middle East.\nObserved\nSectors: Government, Media.\nCountries: Middle East.\nTools used\nInformation Last change to this card: 16 May 2021\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d2b2b2d8-739f-4602-98e2-b53dfb24792e\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=d2b2b2d8-739f-4602-98e2-b53dfb24792e\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d2b2b2d8-739f-4602-98e2-b53dfb24792e"
	],
	"report_names": [
		"showcard.cgi?u=d2b2b2d8-739f-4602-98e2-b53dfb24792e"
	],
	"threat_actors": [
		{
			"id": "5e034014-1f6e-424d-adfa-49557e655e08",
			"created_at": "2024-02-06T02:00:04.118601Z",
			"updated_at": "2026-04-10T02:00:03.572699Z",
			"deleted_at": null,
			"main_name": "Karkadann",
			"aliases": [
				"Piwiks"
			],
			"source_name": "MISPGALAXY:Karkadann",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "8f6bd9b8-e46e-4c3b-9a08-41fee319f273",
			"created_at": "2022-10-25T16:07:23.747959Z",
			"updated_at": "2026-04-10T02:00:04.735963Z",
			"deleted_at": null,
			"main_name": "Karkadann",
			"aliases": [],
			"source_name": "ETDA:Karkadann",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775446603,
	"ts_updated_at": 1775791435,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d372e68a31c224bea9f1f88e32bd32d7c599db4b.pdf",
		"text": "https://archive.orkl.eu/d372e68a31c224bea9f1f88e32bd32d7c599db4b.txt",
		"img": "https://archive.orkl.eu/d372e68a31c224bea9f1f88e32bd32d7c599db4b.jpg"
	}
}