{
	"id": "363e9e46-db8c-4c97-af43-1b239fc65c2f",
	"created_at": "2026-04-06T00:12:42.453174Z",
	"updated_at": "2026-04-10T03:36:01.247954Z",
	"deleted_at": null,
	"sha1_hash": "f9cd1cb0907fe288d012de91b5336e8032dd1f88",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49280,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 23:18:36 UTC\r\n APT group: Earth Lamia\r\nNames Earth Lamia (Trend Micro)\r\nCountry China\r\nMotivation Information theft and espionage\r\nFirst seen 2023\r\nDescription\r\n(Trend Micro) Trend Research has identified Earth Lamia as an APT threat actor that exploits\r\nvulnerabilities in web applications to gain access to organizations, using various techniques for\r\ndata exfiltration.\r\nEarth Lamia develops and customizes hacking tools to evade detection, such as PULSEPACK\r\nand BypassBoss.\r\nEarth Lamia has primarily targeted organizations in Brazil, India, and Southeast Asia since\r\n2023. Initially focused on financial services, the group shifted to logistics and online retail,\r\nmost recently focusing on IT companies, universities, and government organizations.\r\nObserved\r\nSectors: Education, Financial, Government, IT, Retail, Shipping and Logistics.\r\nCountries: Brazil, India, Indonesia, Malaysia, Philippines, Thailand, Vietnam.\r\nTools used BypassBoss, PULSEPACK.\r\nInformation \u003chttps://www.trendmicro.com/en_us/research/25/e/earth-lamia.html\u003e\r\nLast change to this card: 27 June 2025\r\nDownload this actor card in PDF or JSON format\r\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=17ebc5f9-e718-4b31-b0ba-5abe21916af5\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=17ebc5f9-e718-4b31-b0ba-5abe21916af5\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=17ebc5f9-e718-4b31-b0ba-5abe21916af5"
	],
	"report_names": [
		"showcard.cgi?u=17ebc5f9-e718-4b31-b0ba-5abe21916af5"
	],
	"threat_actors": [
		{
			"id": "2137e858-a11d-4b75-ae54-3267b096a4fc",
			"created_at": "2025-06-29T02:01:56.98797Z",
			"updated_at": "2026-04-10T02:00:04.667535Z",
			"deleted_at": null,
			"main_name": "Earth Lamia",
			"aliases": [],
			"source_name": "ETDA:Earth Lamia",
			"tools": [
				"BypassBoss",
				"PULSEPACK"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "650a9c54-160c-4a25-8e96-e845f2dd6f82",
			"created_at": "2026-01-18T02:00:03.063535Z",
			"updated_at": "2026-04-10T02:00:03.901997Z",
			"deleted_at": null,
			"main_name": "Earth Lamia",
			"aliases": [
				"UNC5454"
			],
			"source_name": "MISPGALAXY:Earth Lamia",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434362,
	"ts_updated_at": 1775792161,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f9cd1cb0907fe288d012de91b5336e8032dd1f88.pdf",
		"text": "https://archive.orkl.eu/f9cd1cb0907fe288d012de91b5336e8032dd1f88.txt",
		"img": "https://archive.orkl.eu/f9cd1cb0907fe288d012de91b5336e8032dd1f88.jpg"
	}
}