{
	"id": "7da550e7-fe96-477d-9fa8-a560503aa678",
	"created_at": "2026-04-06T00:13:10.786793Z",
	"updated_at": "2026-04-10T03:34:57.580012Z",
	"deleted_at": null,
	"sha1_hash": "e447122ed3967daaa303682575a8c209a188f32b",
	"title": "LevelBlue - Open Threat Exchange",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 33892,
	"plain_text": "LevelBlue - Open Threat Exchange\r\nBy AlienVault\r\nArchived: 2026-04-05 14:56:00 UTC\r\nCVE: 5 | FileHash-MD5: 2 | FileHash-SHA1: 1 | FileHash-SHA256: 195 | URL: 4 | YARA: 1 | Domain: 2 |\r\nHostname: 99\r\nBlackTech is a cyber espionage group operating against targets in East Asia, particularly Taiwan, and occasionally,\r\nJapan and Hong Kong. Based on the mutexes and domain names of some of their C\u0026amp;C servers, BlackTech’s\r\ncampaigns are likely designed to steal their target’s technology. Following their activities and evolving tactics and\r\ntechniques helped us uncover the proverbial red string of fate that connected three seemingly disparate campaigns:\r\nPLEAD, Shrouded Crossbow, and of late, Waterbear. Over the course of their campaigns, we analyzed their\r\nmodus operandi and dissected their tools of the trade—and uncovered common denominators indicating that\r\nPLEAD, Shrouded Crossbow, and Waterbear may actually be operated by the same group.\r\nSource: https://otx.alienvault.com/browse/pulses?q=tag:DRIGO\r\nhttps://otx.alienvault.com/browse/pulses?q=tag:DRIGO\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://otx.alienvault.com/browse/pulses?q=tag:DRIGO"
	],
	"report_names": [
		"pulses?q=tag:DRIGO"
	],
	"threat_actors": [
		{
			"id": "efa7c047-b61c-4598-96d5-e00d01dec96b",
			"created_at": "2022-10-25T16:07:23.404442Z",
			"updated_at": "2026-04-10T02:00:04.584239Z",
			"deleted_at": null,
			"main_name": "BlackTech",
			"aliases": [
				"BlackTech",
				"Canary Typhoon",
				"Circuit Panda",
				"Earth Hundun",
				"G0098",
				"Manga Taurus",
				"Operation PLEAD",
				"Operation Shrouded Crossbow",
				"Operation Waterbear",
				"Palmerworm",
				"Radio Panda",
				"Red Djinn",
				"T-APT-03",
				"TEMP.Overboard"
			],
			"source_name": "ETDA:BlackTech",
			"tools": [
				"BIFROST",
				"BUSYICE",
				"BendyBear",
				"Bluether",
				"CAPGELD",
				"DRIGO",
				"Deuterbear",
				"Flagpro",
				"GOODTIMES",
				"Gh0stTimes",
				"IconDown",
				"KIVARS",
				"LOLBAS",
				"LOLBins",
				"Linopid",
				"Living off the Land",
				"TSCookie",
				"Waterbear",
				"XBOW",
				"elf.bifrose"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "2646f776-792a-4498-967b-ec0d3498fdf1",
			"created_at": "2022-10-25T15:50:23.475784Z",
			"updated_at": "2026-04-10T02:00:05.269591Z",
			"deleted_at": null,
			"main_name": "BlackTech",
			"aliases": [
				"BlackTech",
				"Palmerworm"
			],
			"source_name": "MITRE:BlackTech",
			"tools": [
				"Kivars",
				"PsExec",
				"TSCookie",
				"Flagpro",
				"Waterbear"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "75024aad-424b-449a-b286-352fe9226bcb",
			"created_at": "2023-01-06T13:46:38.962724Z",
			"updated_at": "2026-04-10T02:00:03.164536Z",
			"deleted_at": null,
			"main_name": "BlackTech",
			"aliases": [
				"CIRCUIT PANDA",
				"Temp.Overboard",
				"Palmerworm",
				"G0098",
				"T-APT-03",
				"Manga Taurus",
				"Earth Hundun",
				"Mobwork",
				"HUAPI",
				"Red Djinn",
				"Canary Typhoon"
			],
			"source_name": "MISPGALAXY:BlackTech",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "3b93ef3c-2baf-429e-9ccc-fb80d0046c3b",
			"created_at": "2025-08-07T02:03:24.569066Z",
			"updated_at": "2026-04-10T02:00:03.730864Z",
			"deleted_at": null,
			"main_name": "BRONZE CANAL",
			"aliases": [
				"BlackTech",
				"CTG-6177 ",
				"Circuit Panda ",
				"Earth Hundun",
				"Palmerworm ",
				"Red Djinn",
				"Shrouded Crossbow "
			],
			"source_name": "Secureworks:BRONZE CANAL",
			"tools": [
				"Bifrose",
				"DRIGO",
				"Deuterbear",
				"Flagpro",
				"Gh0stTimes",
				"KIVARS",
				"PLEAD",
				"Spiderpig",
				"Waterbear",
				"XBOW"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "c93a7f58-3f75-487c-9bd6-e705b73fc07f",
			"created_at": "2023-01-06T13:46:38.330916Z",
			"updated_at": "2026-04-10T02:00:02.931171Z",
			"deleted_at": null,
			"main_name": "RADIO PANDA",
			"aliases": [
				"Shrouded Crossbow"
			],
			"source_name": "MISPGALAXY:RADIO PANDA",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434390,
	"ts_updated_at": 1775792097,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e447122ed3967daaa303682575a8c209a188f32b.pdf",
		"text": "https://archive.orkl.eu/e447122ed3967daaa303682575a8c209a188f32b.txt",
		"img": "https://archive.orkl.eu/e447122ed3967daaa303682575a8c209a188f32b.jpg"
	}
}