{
	"id": "1d0eaa92-6bcc-46ec-b248-a46dd744eff3",
	"created_at": "2026-04-06T00:14:51.809786Z",
	"updated_at": "2026-04-10T03:33:28.99896Z",
	"deleted_at": null,
	"sha1_hash": "e1d9ffd12658fc0e173d2d7d97c4085ccb01dae6",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 57100,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 21:22:08 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool MINIBUS\r\n Tool: MINIBUS\r\nNames MINIBUS\r\nCategory Malware\r\nType Backdoor\r\nDescription\r\n(Mandiant) Mandiant observed a second backdoor deployed in this campaign, which bears\r\nmultiple similarities to MINIBIKE and was therefore named MINIBUS. The MINIBUS\r\nplatform has been used since at least August 2023, likely during the same time as the latest\r\nMINIBIKE versions, though not necessarily to target the same victims.\r\nInformation\r\n\u003chttps://cloud.google.com/blog/topics/threat-intelligence/suspected-iranian-unc1549-targets-israel-middle-east\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.minibus\u003e\r\nLast change to this tool card: 29 December 2024\r\nDownload this tool card in JSON format\r\nAll groups using tool MINIBUS\r\nChanged Name Country Observed\r\nAPT groups\r\n      ↳ Subgroup: TA455, Smoke Sandstorm 2021-Sep 2023  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a9cbb5d4-5b51-4fc4-b1f8-b345fd587fd6\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a9cbb5d4-5b51-4fc4-b1f8-b345fd587fd6\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a9cbb5d4-5b51-4fc4-b1f8-b345fd587fd6"
	],
	"report_names": [
		"listgroups.cgi?u=a9cbb5d4-5b51-4fc4-b1f8-b345fd587fd6"
	],
	"threat_actors": [
		{
			"id": "ad78338e-8bb6-4745-acae-27d3cc3cf76d",
			"created_at": "2023-11-17T02:00:07.580677Z",
			"updated_at": "2026-04-10T02:00:03.452097Z",
			"deleted_at": null,
			"main_name": "Bohrium",
			"aliases": [
				"BOHRIUM",
				"IMPERIAL KITTEN",
				"Smoke Sandstorm"
			],
			"source_name": "MISPGALAXY:Bohrium",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "3ce91297-e4c0-4957-8dd7-9047a3e23dc7",
			"created_at": "2023-01-06T13:46:39.054248Z",
			"updated_at": "2026-04-10T02:00:03.197801Z",
			"deleted_at": null,
			"main_name": "Tortoiseshell",
			"aliases": [
				"Yellow Liderc",
				"Imperial Kitten",
				"Crimson Sandstorm",
				"Cuboid Sandstorm",
				"Smoke Sandstorm",
				"IMPERIAL KITTEN",
				"TA456",
				"DUSTYCAVE",
				"CURIUM"
			],
			"source_name": "MISPGALAXY:Tortoiseshell",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "f0f91a2f-ae05-4658-a6df-14938355eecb",
			"created_at": "2024-03-02T02:00:03.833721Z",
			"updated_at": "2026-04-10T02:00:03.598612Z",
			"deleted_at": null,
			"main_name": "UNC1549",
			"aliases": [
				"Nimbus Manticore"
			],
			"source_name": "MISPGALAXY:UNC1549",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "786139da-4139-49d0-9685-e249c5f89f25",
			"created_at": "2024-12-30T02:01:48.731055Z",
			"updated_at": "2026-04-10T02:00:04.763086Z",
			"deleted_at": null,
			"main_name": "TA455",
			"aliases": [
				"Bohrium",
				"DEV-0056",
				"Operation Iranian Dream Job",
				"Smoke Sandstorm",
				"TA455",
				"UNC1549",
				"Yellow Dev 13"
			],
			"source_name": "ETDA:TA455",
			"tools": [
				"LIGHTRAIL",
				"MINIBIKE",
				"SlugResin",
				"SnailResin"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "65ab58e8-770d-4405-bd4c-55903100585b",
			"created_at": "2024-11-16T02:00:03.814784Z",
			"updated_at": "2026-04-10T02:00:03.77413Z",
			"deleted_at": null,
			"main_name": "TA455",
			"aliases": [],
			"source_name": "MISPGALAXY:TA455",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "0dc20eeb-81e3-48ef-9a12-7b38fdcf07b1",
			"created_at": "2025-09-20T02:04:46.693616Z",
			"updated_at": "2026-04-10T02:00:03.735806Z",
			"deleted_at": null,
			"main_name": "COBALT SMOKEY",
			"aliases": [
				"Nimbus Manticore ",
				"Smoke Sandstorm ",
				"Subtle Snail ",
				"TA455 ",
				"UNC1549 "
			],
			"source_name": "Secureworks:COBALT SMOKEY",
			"tools": [
				"LIGHTRAIL",
				"MINIBIKE",
				"MINIBUS"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434491,
	"ts_updated_at": 1775792008,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e1d9ffd12658fc0e173d2d7d97c4085ccb01dae6.pdf",
		"text": "https://archive.orkl.eu/e1d9ffd12658fc0e173d2d7d97c4085ccb01dae6.txt",
		"img": "https://archive.orkl.eu/e1d9ffd12658fc0e173d2d7d97c4085ccb01dae6.jpg"
	}
}