{
	"id": "b82a29ca-a148-4abf-bdbe-ae90b0356749",
	"created_at": "2026-04-06T00:12:51.687288Z",
	"updated_at": "2026-04-10T03:26:39.173891Z",
	"deleted_at": null,
	"sha1_hash": "ef1958035b106b84841c5760d7ac21d335ffc598",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47699,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 16:23:35 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool PyMICROPSIA\n Tool: PyMICROPSIA\nNames PyMICROPSIA\nCategory Malware\nType Reconnaissance, Backdoor, Info stealer, Keylogger, Credential stealer, Downloader\nDescription\n(Palo Alto) PyMICROPSIA has a rich set of information-stealing and control capabilities,\nincluding:\n• File uploading.\n• Payload downloading and execution.\n• Browser credential stealing. Clearing browsing history and profiles.\n• Taking screenshots.\n• Keylogging.\n• Compressing RAR files for stolen information.\n• Collecting process information and killing processes.\n• Collecting file listing information.\n• Deleting files.\n• Rebooting machine.\n• Collecting Outlook .ost file. Killing and disabling Outlook process.\n• Deleting, creating, compressing and exfiltrating files and folders.\n• Collecting information from USB drives, including file exfiltration.\n• Audio recording.\n• Executing commands.\nInformation Last change to this tool card: 06 January 2021\nDownload this tool card in JSON format\nAll groups using tool PyMICROPSIA\nChanged Name Country Observed\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=baa168d6-593b-486f-b52e-cc12182de231\nPage 1 of 2\n\nAPT groups\r\n  Desert Falcons [Gaza] 2011-Oct 2023\r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=baa168d6-593b-486f-b52e-cc12182de231\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=baa168d6-593b-486f-b52e-cc12182de231\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=baa168d6-593b-486f-b52e-cc12182de231"
	],
	"report_names": [
		"listgroups.cgi?u=baa168d6-593b-486f-b52e-cc12182de231"
	],
	"threat_actors": [
		{
			"id": "9ff60d4d-153b-4ed5-a2f7-18a21d2fa05d",
			"created_at": "2022-10-25T16:07:23.539852Z",
			"updated_at": "2026-04-10T02:00:04.647734Z",
			"deleted_at": null,
			"main_name": "Desert Falcons",
			"aliases": [
				"APT-C-23",
				"ATK 66",
				"Arid Viper",
				"Niobium",
				"Operation Arid Viper",
				"Operation Bearded Barbie",
				"Operation Rebound",
				"Pinstripe Lightning",
				"Renegade Jackal",
				"TAG-63",
				"TAG-CT1",
				"Two-tailed Scorpion"
			],
			"source_name": "ETDA:Desert Falcons",
			"tools": [
				"AridSpy",
				"Barb(ie) Downloader",
				"BarbWire",
				"Desert Scorpion",
				"FrozenCell",
				"GlanceLove",
				"GnatSpy",
				"KasperAgent",
				"Micropsia",
				"PyMICROPSIA",
				"SpyC23",
				"Viper RAT",
				"ViperRAT",
				"VolatileVenom",
				"WinkChat",
				"android.micropsia"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434371,
	"ts_updated_at": 1775791599,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ef1958035b106b84841c5760d7ac21d335ffc598.pdf",
		"text": "https://archive.orkl.eu/ef1958035b106b84841c5760d7ac21d335ffc598.txt",
		"img": "https://archive.orkl.eu/ef1958035b106b84841c5760d7ac21d335ffc598.jpg"
	}
}