{
	"id": "bcbbdb68-5f8e-4473-b2cb-4e6bc67eb1ff",
	"created_at": "2026-04-06T00:14:36.630299Z",
	"updated_at": "2026-04-10T13:11:35.785634Z",
	"deleted_at": null,
	"sha1_hash": "00800a71a29791643a45fadc9b4dcca3887b5ad8",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47631,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 14:14:57 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Adzok\n Tool: Adzok\nNames\nAdzok\nInvisible Remote Administrator\nCategory: Tools\nType: Reconnaissance, Backdoor, Credential stealer, Info stealer, Exfiltration\nDescription\n(Citizen Lab) Similar to Adwind in functionality, the java-based Adzok is apparently from\nBolivia. The premium version costs $990, but it appears that Packrat is using the “free”\nversion. This version of Adzok does not use obfuscation, which makes it possible to simply\nuncompress the jar files within the docx and read the clear-text configuration file. Given the\nobfuscated nature of the other RATs that Packrat has used, their use of Adzok is surprising. It\nis possible that they were having stability, compatibility, or detection problems with other\nRATs and that Adzok served a specific requirement.\nInformation\nMalpedia\nLast change to this tool card: 24 April 2021\nDownload this tool card in JSON format\nAll groups using tool Adzok\nChanged Name Country Observed\nAPT groups\n Packrat [Latin America] 2008\n1 group listed (1 APT, 0 other, 0 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=cc7e8c06-7e44-4441-9fe0-5479cdb262fa\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=cc7e8c06-7e44-4441-9fe0-5479cdb262fa\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=cc7e8c06-7e44-4441-9fe0-5479cdb262fa\r\nPage 2 of 2\n\nAPT groups  Packrat [Latin America] 2008\n1 group listed (1 APT, 0 other, 0 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=cc7e8c06-7e44-4441-9fe0-5479cdb262fa"
	],
	"report_names": [
		"listgroups.cgi?u=cc7e8c06-7e44-4441-9fe0-5479cdb262fa"
	],
	"threat_actors": [
		{
			"id": "d001e298-8608-4ee6-96c7-e5afb62d718d",
			"created_at": "2022-10-25T16:07:24.035765Z",
			"updated_at": "2026-04-10T02:00:04.847015Z",
			"deleted_at": null,
			"main_name": "Packrat",
			"aliases": [],
			"source_name": "ETDA:Packrat",
			"tools": [
				"Adwind",
				"Adwind RAT",
				"Adzok",
				"Alien Spy",
				"AlienSpy",
				"CyberGate",
				"CyberGate RAT",
				"ExtRat",
				"Frutas",
				"Invisible Remote Administrator",
				"JBifrost RAT",
				"JSocket",
				"Rebhip",
				"Sockrat",
				"Trojan.Maljava",
				"UnReCoM",
				"Unknown RAT",
				"Unrecom",
				"Xtreme RAT",
				"XtremeRAT",
				"jBiFrost",
				"jConnectPro RAT",
				"jFrutas"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "02a7064e-447b-433e-ac14-6f10d476f517",
			"created_at": "2023-01-06T13:46:38.520097Z",
			"updated_at": "2026-04-10T02:00:03.010392Z",
			"deleted_at": null,
			"main_name": "Packrat",
			"aliases": [],
			"source_name": "MISPGALAXY:Packrat",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434476,
	"ts_updated_at": 1775826695,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/00800a71a29791643a45fadc9b4dcca3887b5ad8.pdf",
		"text": "https://archive.orkl.eu/00800a71a29791643a45fadc9b4dcca3887b5ad8.txt",
		"img": "https://archive.orkl.eu/00800a71a29791643a45fadc9b4dcca3887b5ad8.jpg"
	}
}