{ "id": "00c25793-1482-4ed5-aa1f-3dec2652a9c3", "created_at": "2026-04-06T00:21:32.202771Z", "updated_at": "2026-04-10T03:36:50.233692Z", "deleted_at": null, "sha1_hash": "f1d8b3d4a6b98bf373333125782fbc7f52093ae0", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 50518, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 14:42:32 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool USBWorm\n Tool: USBWorm\nNames USBWorm\nCategory Malware\nType Backdoor, Exfiltration, Worm\nDescription\n(Kaspersky) Based on our telemetry, USBWorm was used to infect thousands of victims, most\nof them located in Afghanistan and India, providing the attacker with the ability to download\nand execute arbitrary files, spread to removable devices and steal files of interest from infected\nhosts even those disconnected from the internet.\nInformation Last change to this tool card: 01 May 2020\nDownload this tool card in JSON format\nAll groups using tool USBWorm\nChanged Name Country Observed\nAPT groups\n Transparent Tribe, APT 36 2013-Mar 2025\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=944d7316-205a-46d6-8cc8-3081b409800c\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=944d7316-205a-46d6-8cc8-3081b409800c\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=944d7316-205a-46d6-8cc8-3081b409800c" ], "report_names": [ "listgroups.cgi?u=944d7316-205a-46d6-8cc8-3081b409800c" ], "threat_actors": [ { "id": "fce5181c-7aab-400f-bd03-9db9e791da04", "created_at": "2022-10-25T15:50:23.759799Z", "updated_at": "2026-04-10T02:00:05.3002Z", "deleted_at": null, "main_name": "Transparent Tribe", "aliases": [ "Transparent Tribe", "COPPER FIELDSTONE", "APT36", "Mythic Leopard", "ProjectM" ], "source_name": "MITRE:Transparent Tribe", "tools": [ "DarkComet", "ObliqueRAT", "njRAT", "Peppy" ], "source_id": "MITRE", "reports": null }, { "id": "abb24b7b-6baa-4070-9a2b-aa59091097d1", "created_at": "2022-10-25T16:07:24.339942Z", "updated_at": "2026-04-10T02:00:04.944806Z", "deleted_at": null, "main_name": "Transparent Tribe", "aliases": [ "APT 36", "APT-C-56", "Copper Fieldstone", "Earth Karkaddan", "G0134", "Green Havildar", "Mythic Leopard", "Opaque Draco", "Operation C-Major", "Operation Honey Trap", "Operation Transparent Tribe", "ProjectM", "STEPPY-KAVACH", "Storm-0156", "TEMP.Lapis", "Transparent Tribe" ], "source_name": "ETDA:Transparent Tribe", "tools": [ "Amphibeon", "Android RAT", "Bezigate", "Bladabindi", "Bozok", "Bozok RAT", "BreachRAT", "Breut", "CapraRAT", "CinaRAT", "Crimson RAT", "DarkComet", "DarkKomet", "ElizaRAT", "FYNLOS", "Fynloski", "Jorik", "Krademok", "Limepad", "Luminosity RAT", "LuminosityLink", "MSIL", "MSIL/Crimson", "Mobzsar", "MumbaiDown", "Oblique RAT", "ObliqueRAT", "Peppy RAT", "Peppy Trojan", "Quasar RAT", "QuasarRAT", "SEEDOOR", "Scarimson", "SilentCMD", "Stealth Mango", "UPDATESEE", "USBWorm", "Waizsar RAT", "Yggdrasil", "beendoor", "klovbot", "njRAT" ], "source_id": "ETDA", "reports": null }, { "id": "c68fa27f-e8d9-4932-856b-467ccfe39997", "created_at": "2023-01-06T13:46:38.450585Z", "updated_at": "2026-04-10T02:00:02.980334Z", "deleted_at": null, "main_name": "Operation C-Major", "aliases": [ "APT36", "APT 36", "TMP.Lapis", "COPPER FIELDSTONE", "Storm-0156", "Transparent Tribe", "ProjectM", "Green Havildar", "Earth Karkaddan", "C-Major", "Mythic Leopard" ], "source_name": "MISPGALAXY:Operation C-Major", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434892, "ts_updated_at": 1775792210, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f1d8b3d4a6b98bf373333125782fbc7f52093ae0.pdf", "text": "https://archive.orkl.eu/f1d8b3d4a6b98bf373333125782fbc7f52093ae0.txt", "img": "https://archive.orkl.eu/f1d8b3d4a6b98bf373333125782fbc7f52093ae0.jpg" } }