{
	"id": "38deddb4-fee5-4432-b9af-ae042f9e17ab",
	"created_at": "2026-04-06T00:14:48.174719Z",
	"updated_at": "2026-04-10T03:30:10.93425Z",
	"deleted_at": null,
	"sha1_hash": "e7e10d0975455aadd07c121f4b0e7cbbc52e978d",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47844,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 13:42:04 UTC\r\n APT group: AVIVORE\r\nNames AVIVORE (Context)\r\nCountry China\r\nMotivation Information theft and espionage\r\nFirst seen 2015\r\nDescription\r\n(Context) Until now, most prominent supply chain intrusions have been 'vertical'; initial\r\nvictims are typically Managed Services Providers or software vendors leveraged by attackers\r\nto move up or down the supply chain. However, since summer 2018, Context Information\r\nSecurity has been investigating a series of incidents targeting UK and European Aerospace and\r\nDefence that are best described as 'horizontal'. Advanced attackers have been leveraging direct\r\nconnectivity between suppliers and partners who are integrated into each other’s value chains.\r\nWe have been tracking this activity under the codename AVIVORE.\r\nAffected victims include large multinational firms (Primes) and smaller engineering or\r\nconsultancy firms within their supply chain (Secondaries). Context has worked closely with\r\nvictims, the National Cyber Security Centre (NCSC), security organisations, and law\r\nenforcement agencies across Europe to reduce impact and prevent further compromise.\r\nObserved\r\nSectors: Aerospace, Automotive, Energy, Satellites.\r\nCountries: UK and Europe.\r\nTools used Mimikatz, PlugX, Living off the Land.\r\nInformation \u003chttps://www.contextis.com/en/blog/avivore\u003e\r\nLast change to this card: 19 April 2020\r\nDownload this actor card in PDF or JSON format\r\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e3c6f511-75df-4bf1-95d2-b91679ecf047\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=e3c6f511-75df-4bf1-95d2-b91679ecf047\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=e3c6f511-75df-4bf1-95d2-b91679ecf047"
	],
	"report_names": [
		"showcard.cgi?u=e3c6f511-75df-4bf1-95d2-b91679ecf047"
	],
	"threat_actors": [
		{
			"id": "680d62c6-23e2-411b-86e9-af6dc6a64d53",
			"created_at": "2023-01-06T13:46:39.329055Z",
			"updated_at": "2026-04-10T02:00:03.289076Z",
			"deleted_at": null,
			"main_name": "Avivore",
			"aliases": [],
			"source_name": "MISPGALAXY:Avivore",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "3b978023-9d82-46fb-b836-a0d011504d2c",
			"created_at": "2022-10-25T16:07:23.368134Z",
			"updated_at": "2026-04-10T02:00:04.568035Z",
			"deleted_at": null,
			"main_name": "AVIVORE",
			"aliases": [],
			"source_name": "ETDA:AVIVORE",
			"tools": [
				"Agent.dhwf",
				"Destroy RAT",
				"DestroyRAT",
				"Kaba",
				"Korplug",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Mimikatz",
				"PlugX",
				"RedDelta",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Xamtrav"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434488,
	"ts_updated_at": 1775791810,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e7e10d0975455aadd07c121f4b0e7cbbc52e978d.pdf",
		"text": "https://archive.orkl.eu/e7e10d0975455aadd07c121f4b0e7cbbc52e978d.txt",
		"img": "https://archive.orkl.eu/e7e10d0975455aadd07c121f4b0e7cbbc52e978d.jpg"
	}
}