{
	"id": "8f177498-395c-4b55-9593-1f9aff50016b",
	"created_at": "2026-04-06T00:18:14.887665Z",
	"updated_at": "2026-04-10T03:35:27.482475Z",
	"deleted_at": null,
	"sha1_hash": "d3eddc19de8291fdfc5b5c7527314cc4cac825a6",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49333,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 19:07:06 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Bourbon\n Tool: Bourbon\nNames Bourbon\nCategory Malware\nType Info stealer\nDescription\n(Citizen Lab) During our analysis, we were able to acquire two plugin packages, named\n“Bourbon.jar” and “IceCube.jar” which added functionality including exfiltrating SMS text\nmessages, address books, and call logs, and spying on the target through their phone’s camera,\nmicrophone, and GPS.\nInformation\nLast change to this tool card: 20 April 2020\nDownload this tool card in JSON format\nAll groups using tool Bourbon\nChanged Name Country Observed\nAPT groups\n Poison Carp, Evil Eye 2018-Jun 2023\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6833be25-8f66-46cf-9747-96cc3ee48a5a\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6833be25-8f66-46cf-9747-96cc3ee48a5a\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6833be25-8f66-46cf-9747-96cc3ee48a5a"
	],
	"report_names": [
		"listgroups.cgi?u=6833be25-8f66-46cf-9747-96cc3ee48a5a"
	],
	"threat_actors": [
		{
			"id": "f0ebaf6d-5e1a-4ed7-aa2c-0e69a648acea",
			"created_at": "2022-10-25T16:07:23.597455Z",
			"updated_at": "2026-04-10T02:00:04.683154Z",
			"deleted_at": null,
			"main_name": "Evil Eye",
			"aliases": [],
			"source_name": "ETDA:Evil Eye",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "52973e5f-9656-4b60-b7f8-457e32ac4bbe",
			"created_at": "2023-01-06T13:46:39.056888Z",
			"updated_at": "2026-04-10T02:00:03.198866Z",
			"deleted_at": null,
			"main_name": "POISON CARP",
			"aliases": [
				"Evil Eye",
				"Red Dev 16",
				"Earth Empusa"
			],
			"source_name": "MISPGALAXY:POISON CARP",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d2a5c949-7ae0-4610-8bb8-047ab03b1574",
			"created_at": "2022-10-25T16:07:24.064197Z",
			"updated_at": "2026-04-10T02:00:04.856578Z",
			"deleted_at": null,
			"main_name": "Poison Carp",
			"aliases": [
				"Earth Empusa",
				"Evil Eye",
				"EvilBamboo",
				"Poison Carp",
				"Red Dev 16",
				"Sentinel Taurus"
			],
			"source_name": "ETDA:Poison Carp",
			"tools": [
				"ActionSpy",
				"AxeSpy",
				"BADSIGNAL",
				"BADSOLAR",
				"BadBazaar",
				"IRONSQUIRREL",
				"IceCube",
				"MOONSHINE",
				"PoisonCarp"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434694,
	"ts_updated_at": 1775792127,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d3eddc19de8291fdfc5b5c7527314cc4cac825a6.pdf",
		"text": "https://archive.orkl.eu/d3eddc19de8291fdfc5b5c7527314cc4cac825a6.txt",
		"img": "https://archive.orkl.eu/d3eddc19de8291fdfc5b5c7527314cc4cac825a6.jpg"
	}
}