{
	"id": "b6b67640-4a29-46e4-86e8-b8dc7d18fb1e",
	"created_at": "2026-04-06T00:17:54.649744Z",
	"updated_at": "2026-04-10T03:26:47.835837Z",
	"deleted_at": null,
	"sha1_hash": "fb7210f452c727287f1f0adb6cf6f5e7adfa8b2c",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49877,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 14:26:01 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool SilverHawk\r\n Tool: SilverHawk\r\nNames SilverHawk\r\nCategory Malware\r\nType Backdoor, Info stealer, Exfiltration\r\nDescription\r\n(Lookout) App Capabilities:\r\n• Record Audio\r\no Stream environment audio over raw socket when instructed\r\n• Take photos with device camera\r\n• Survival counter - the app stops after a number of failed server connections\r\n• Retrieve files from external storage\r\no Top directory\r\no Downloads, Pictures, DCIM directories\r\no WhatsApp, Telegram, Viber, ShareIt content\r\no Files sent over Bluetooth\r\n• File utility to copy, move, rename, and delete files\r\n• Download attacker specified files\r\n• Enumerate installed apps incl. date \u0026 time installed\r\n• Attempt to execute attacker specified commands or binary as root\r\n• Retrieve contacts and related data:\r\no Call logs\r\no Contacts\r\no Text Messages\r\n• Location, direction, and acceleration of the device\r\n• Remotely updateable C2 IP and port\r\n• Hide Icon\r\n• Device information\r\no Retrieve battery levels, WiFi and GPS status, storage and cellular carrier info\r\nInformation \u003chttps://i.blackhat.com/eu-18/Wed-Dec-5/eu-18-DelRosso-Under-the-SEA.pdf\u003e\r\nLast change to this tool card: 20 April 2020\r\nDownload this tool card in JSON format\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ec12d7cd-5480-4511-a333-2b0c4c26c65e\r\nPage 1 of 2\n\nAll groups using tool SilverHawk\r\nChanged Name Country Observed\r\nAPT groups\r\n  Syrian Electronic Army (SEA), Deadeye Jackal 2011-Aug 2021\r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ec12d7cd-5480-4511-a333-2b0c4c26c65e\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ec12d7cd-5480-4511-a333-2b0c4c26c65e\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ec12d7cd-5480-4511-a333-2b0c4c26c65e"
	],
	"report_names": [
		"listgroups.cgi?u=ec12d7cd-5480-4511-a333-2b0c4c26c65e"
	],
	"threat_actors": [
		{
			"id": "2f498e6b-3f0e-4f26-8cc7-52121e675643",
			"created_at": "2023-01-06T13:46:38.447274Z",
			"updated_at": "2026-04-10T02:00:02.978901Z",
			"deleted_at": null,
			"main_name": "Deadeye Jackal",
			"aliases": [
				"SyrianElectronicArmy"
			],
			"source_name": "MISPGALAXY:Deadeye Jackal",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "76fc6d92-0710-4640-bfa7-3000fe3940a5",
			"created_at": "2022-10-25T16:07:24.251595Z",
			"updated_at": "2026-04-10T02:00:04.911951Z",
			"deleted_at": null,
			"main_name": "Syrian Electronic Army (SEA)",
			"aliases": [
				"ATK 196",
				"Deadeye Jackal",
				"Syria Malware Team",
				"Syrian Electronic Army",
				"TAG-CT2"
			],
			"source_name": "ETDA:Syrian Electronic Army (SEA)",
			"tools": [
				"AndoServer",
				"CypherRat",
				"SLRat",
				"SandroRAT",
				"SilverHawk",
				"SpyNote",
				"SpyNote RAT"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434674,
	"ts_updated_at": 1775791607,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fb7210f452c727287f1f0adb6cf6f5e7adfa8b2c.pdf",
		"text": "https://archive.orkl.eu/fb7210f452c727287f1f0adb6cf6f5e7adfa8b2c.txt",
		"img": "https://archive.orkl.eu/fb7210f452c727287f1f0adb6cf6f5e7adfa8b2c.jpg"
	}
}