{
	"id": "cadd40c6-ec57-4d60-8028-d72267c3521a",
	"created_at": "2026-04-06T00:12:13.227986Z",
	"updated_at": "2026-04-10T03:38:01.869365Z",
	"deleted_at": null,
	"sha1_hash": "dbff458caa6387a0c36c5fdebbbe4aaff723dbaf",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32067,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy TheNewRaikage\r\nArchived: 2026-04-05 19:03:27 UTC\r\nCVE: 1 | FileHash-MD5: 7 | URL: 1\r\nSince early 2018, FireEye (including our FireEye as a Service (FaaS), Mandiant Consulting, and iSIGHT\r\nIntelligence teams) has been tracking an ongoing wave of intrusions targeting engineering and maritime entities,\r\nespecially those connected to South China Sea issues. The campaign is linked to a group of suspected Chinese\r\ncyber espionage actors we have tracked since 2013, dubbed TEMP.Periscope. The group has also been reported as\r\n“Leviathan” by other security firms.\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:MURKYTOP\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:MURKYTOP\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:MURKYTOP"
	],
	"report_names": [
		"pulses?q=tag:MURKYTOP"
	],
	"threat_actors": [
		{
			"id": "16f2436b-5f84-44e3-a306-f1f9e92f7bea",
			"created_at": "2023-01-06T13:46:38.745572Z",
			"updated_at": "2026-04-10T02:00:03.086207Z",
			"deleted_at": null,
			"main_name": "APT40",
			"aliases": [
				"ATK29",
				"Red Ladon",
				"MUDCARP",
				"ISLANDDREAMS",
				"TEMP.Periscope",
				"KRYPTONITE PANDA",
				"G0065",
				"TA423",
				"ITG09",
				"Gingham Typhoon",
				"TEMP.Jumper",
				"BRONZE MOHAWK",
				"GADOLINIUM"
			],
			"source_name": "MISPGALAXY:APT40",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "83025f5e-302e-46b0-baf6-650a4d313dfc",
			"created_at": "2024-05-01T02:03:07.971863Z",
			"updated_at": "2026-04-10T02:00:03.743131Z",
			"deleted_at": null,
			"main_name": "BRONZE MOHAWK",
			"aliases": [
				"APT40 ",
				"GADOLINIUM ",
				"Gingham Typhoon ",
				"Kryptonite Panda ",
				"Leviathan ",
				"Nanhaishu ",
				"Pickleworm ",
				"Red Ladon ",
				"TA423 ",
				"Temp.Jumper ",
				"Temp.Periscope "
			],
			"source_name": "Secureworks:BRONZE MOHAWK",
			"tools": [
				"AIRBREAK",
				"BlackCoffee",
				"China Chopper",
				"Cobalt Strike",
				"DadJoke",
				"Donut",
				"FUSIONBLAZE",
				"GreenCrash",
				"Meterpreter",
				"Nanhaishu",
				"Orz",
				"SeDll"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "59be3740-c8c7-47aa-84c8-e80d0cb7ea3a",
			"created_at": "2022-10-25T15:50:23.481057Z",
			"updated_at": "2026-04-10T02:00:05.306469Z",
			"deleted_at": null,
			"main_name": "Leviathan",
			"aliases": [
				"MUDCARP",
				"Kryptonite Panda",
				"Gadolinium",
				"BRONZE MOHAWK",
				"TEMP.Jumper",
				"APT40",
				"TEMP.Periscope",
				"Gingham Typhoon"
			],
			"source_name": "MITRE:Leviathan",
			"tools": [
				"Windows Credential Editor",
				"BITSAdmin",
				"HOMEFRY",
				"Derusbi",
				"at",
				"BLACKCOFFEE",
				"BADFLICK",
				"gh0st RAT",
				"PowerSploit",
				"MURKYTOP",
				"NanHaiShu",
				"Orz",
				"Cobalt Strike",
				"China Chopper"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "b9806584-4d82-4f32-ae97-18a2583e8d11",
			"created_at": "2022-10-25T16:07:23.787833Z",
			"updated_at": "2026-04-10T02:00:04.749709Z",
			"deleted_at": null,
			"main_name": "Leviathan",
			"aliases": [
				"APT 40",
				"ATK 29",
				"Bronze Mohawk",
				"G0065",
				"Gadolinium",
				"Gingham Typhoon",
				"ISLANDDREAMS",
				"ITG09",
				"Jumper Taurus",
				"Kryptonite Panda",
				"Mudcarp",
				"Red Ladon",
				"TA423",
				"TEMP.Jumper",
				"TEMP.Periscope"
			],
			"source_name": "ETDA:Leviathan",
			"tools": [
				"AIRBREAK",
				"Agent.dhwf",
				"Agentemis",
				"AngryRebel",
				"BADFLICK",
				"BlackCoffee",
				"CHINACHOPPER",
				"China Chopper",
				"Cobalt Strike",
				"CobaltStrike",
				"DADJOKE",
				"Dadstache",
				"Derusbi",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"GRILLMARK",
				"Gh0st RAT",
				"Ghost RAT",
				"HOMEFRY",
				"Hellsing Backdoor",
				"Kaba",
				"Korplug",
				"LOLBAS",
				"LOLBins",
				"LUNCHMONEY",
				"Living off the Land",
				"MURKYTOP",
				"Moudour",
				"Mydoor",
				"NanHaiShu",
				"Orz",
				"PCRat",
				"PNGRAT",
				"PlugX",
				"RedDelta",
				"SeDLL",
				"Sensocode",
				"SinoChopper",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"WCE",
				"Windows Credential Editor",
				"Windows Credentials Editor",
				"Xamtrav",
				"ZXShell",
				"ZoxPNG",
				"cobeacon",
				"gresim",
				"scanbox"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434333,
	"ts_updated_at": 1775792281,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/dbff458caa6387a0c36c5fdebbbe4aaff723dbaf.pdf",
		"text": "https://archive.orkl.eu/dbff458caa6387a0c36c5fdebbbe4aaff723dbaf.txt",
		"img": "https://archive.orkl.eu/dbff458caa6387a0c36c5fdebbbe4aaff723dbaf.jpg"
	}
}