{
	"id": "027ad2be-fb62-49b0-b72e-55743e0f99a8",
	"created_at": "2026-04-06T00:12:49.151874Z",
	"updated_at": "2026-04-10T03:27:45.861713Z",
	"deleted_at": null,
	"sha1_hash": "e928e430bbefe59dd6cc37c58326d9d451a3fff3",
	"title": "Blue Termite, Cloudy Omega - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31847,
	"plain_text": "Blue Termite, Cloudy Omega - Threat Group Cards: A Threat\r\nActor Encyclopedia\r\nArchived: 2026-04-05 23:48:13 UTC\r\nDescription: (Kaspersky) In October 2014, Kaspersky Lab started to research “Blue Termite”, an Advanced\r\nPersistent Threat (APT) targeting Japan. The oldest sample we’ve seen up to now is from November 2013.\r\nThis is not the first time the country has been a victim of an APT. However, the attack is different in two respects:\r\nunlike other APTs, the main focus of Blue Termite is to attack Japanese organizations; and most of their C2s are\r\nlocated in Japan. One of the top targets is the Japan Pension Service, but the list of targeted industries includes\r\ngovernment and government agencies, local governments, public interest groups, universities, banks, financial\r\nservices, energy, communication, heavy industry, chemical, automotive, electrical, news media, information\r\nservices sector, health care, real estate, food, semiconductor, robotics, construction, insurance, transportation and\r\nso on. Unfortunately, the attack is still active and the number of victims has been increasing.\r\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=320ddce3-12ab-49df-b578-ebaef364b288\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=320ddce3-12ab-49df-b578-ebaef364b288\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=320ddce3-12ab-49df-b578-ebaef364b288"
	],
	"report_names": [
		"showcard.cgi?u=320ddce3-12ab-49df-b578-ebaef364b288"
	],
	"threat_actors": [
		{
			"id": "c92de6de-9538-43e5-9190-9da092194884",
			"created_at": "2022-10-25T16:07:23.411024Z",
			"updated_at": "2026-04-10T02:00:04.587683Z",
			"deleted_at": null,
			"main_name": "Blue Termite",
			"aliases": [
				"Blue Termite",
				"Cloudy Omega"
			],
			"source_name": "ETDA:Blue Termite",
			"tools": [
				"Emdivi",
				"Newsripper"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "48782737-377b-47b4-aff0-87424208a643",
			"created_at": "2023-01-06T13:46:38.569144Z",
			"updated_at": "2026-04-10T02:00:03.02685Z",
			"deleted_at": null,
			"main_name": "Blue Termite",
			"aliases": [
				"Cloudy Omega",
				"Emdivi"
			],
			"source_name": "MISPGALAXY:Blue Termite",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434369,
	"ts_updated_at": 1775791665,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e928e430bbefe59dd6cc37c58326d9d451a3fff3.pdf",
		"text": "https://archive.orkl.eu/e928e430bbefe59dd6cc37c58326d9d451a3fff3.txt",
		"img": "https://archive.orkl.eu/e928e430bbefe59dd6cc37c58326d9d451a3fff3.jpg"
	}
}