{
	"id": "052f5c0b-3ae5-42db-89ec-1f2ca2a0b84b",
	"created_at": "2026-04-06T00:18:00.263506Z",
	"updated_at": "2026-04-10T03:32:26.642567Z",
	"deleted_at": null,
	"sha1_hash": "f74ef4045143eb1e551ca9bede55092beacd3430",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48681,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 22:28:50 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Drupalgeddon\n Tool: Drupalgeddon\nNames Drupalgeddon\nCategory Exploits\nType 0-day\nDescription\n(Malwarebytes) Drupal is one of the most popular Content Management Systems (CMS),\nalong with WordPress and Joomla. In late March 2018, Drupal was affected by a major\nremote code execution vulnerability (CVE-2018-7600) followed by yet another (CVE-2018-7602) almost a month later, both aptly nicknamed Drupalgeddon 2 and\nDrupalgeddon 3.\nInformation\nAlienVault OTX Last change to this tool card: 20 April 2020\nDownload this tool card in JSON format\nAll groups using tool Drupalgeddon\nChanged Name Country Observed\nAPT groups\n Sea Turtle 2017-2021\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=13efaf2c-994f-464a-9fcc-faa42bcaa154\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=13efaf2c-994f-464a-9fcc-faa42bcaa154\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=13efaf2c-994f-464a-9fcc-faa42bcaa154"
	],
	"report_names": [
		"listgroups.cgi?u=13efaf2c-994f-464a-9fcc-faa42bcaa154"
	],
	"threat_actors": [
		{
			"id": "cfdd35af-bd12-4c03-8737-08fca638346d",
			"created_at": "2022-10-25T16:07:24.165595Z",
			"updated_at": "2026-04-10T02:00:04.887031Z",
			"deleted_at": null,
			"main_name": "Sea Turtle",
			"aliases": [
				"Cosmic Wolf",
				"Marbled Dust",
				"Silicon",
				"Teal Kurma",
				"UNC1326"
			],
			"source_name": "ETDA:Sea Turtle",
			"tools": [
				"Drupalgeddon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "33ae2a40-02cd-4dba-8461-d0a50e75578b",
			"created_at": "2023-01-06T13:46:38.947314Z",
			"updated_at": "2026-04-10T02:00:03.155091Z",
			"deleted_at": null,
			"main_name": "Sea Turtle",
			"aliases": [
				"UNC1326",
				"COSMIC WOLF",
				"Marbled Dust",
				"SILICON",
				"Teal Kurma"
			],
			"source_name": "MISPGALAXY:Sea Turtle",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "62b1b01f-168d-42db-afa1-29d794abc25f",
			"created_at": "2025-04-23T02:00:55.22426Z",
			"updated_at": "2026-04-10T02:00:05.358041Z",
			"deleted_at": null,
			"main_name": "Sea Turtle",
			"aliases": [
				"Sea Turtle",
				"Teal Kurma",
				"Marbled Dust",
				"Cosmic Wolf",
				"SILICON"
			],
			"source_name": "MITRE:Sea Turtle",
			"tools": [
				"SnappyTCP"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434680,
	"ts_updated_at": 1775791946,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f74ef4045143eb1e551ca9bede55092beacd3430.pdf",
		"text": "https://archive.orkl.eu/f74ef4045143eb1e551ca9bede55092beacd3430.txt",
		"img": "https://archive.orkl.eu/f74ef4045143eb1e551ca9bede55092beacd3430.jpg"
	}
}