{
	"id": "d3587dc3-a182-4841-9a42-c298a7c783a5",
	"created_at": "2026-04-06T00:15:50.854444Z",
	"updated_at": "2026-04-10T13:12:17.663223Z",
	"deleted_at": null,
	"sha1_hash": "03af6d9430ee7b7ac9c3921e9bdbe560f85c4ef6",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48115,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 23:42:39 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Nidiran\n Tool: Nidiran\nNames\nNidiran\nBackdoor.Nidiran\nCategory Malware\nType Backdoor\nDescription\nNidiran is a custom backdoor developed and used by Suckfly. It has been delivered via\nstrategic web compromise.\nInformation\nMITRE ATT\u0026CK AlienVault OTX Last change to this tool card: 30 December 2022\nDownload this tool card in JSON format\nAll groups using tool Nidiran\nChanged Name Country Observed\nAPT groups\n Suckfly 2014-Late 2015\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b7f22a7c-b4fd-427e-b2e3-b6b8950aeb34\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b7f22a7c-b4fd-427e-b2e3-b6b8950aeb34\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b7f22a7c-b4fd-427e-b2e3-b6b8950aeb34"
	],
	"report_names": [
		"listgroups.cgi?u=b7f22a7c-b4fd-427e-b2e3-b6b8950aeb34"
	],
	"threat_actors": [
		{
			"id": "aada2650-7bef-45e4-8371-18c4318a7056",
			"created_at": "2022-10-25T15:50:23.422502Z",
			"updated_at": "2026-04-10T02:00:05.278662Z",
			"deleted_at": null,
			"main_name": "Suckfly",
			"aliases": [
				"Suckfly"
			],
			"source_name": "MITRE:Suckfly",
			"tools": [
				"Nidiran"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "a4a3c2a4-992d-4ce6-8c97-e39b23da9a26",
			"created_at": "2022-10-25T16:07:24.242051Z",
			"updated_at": "2026-04-10T02:00:04.909353Z",
			"deleted_at": null,
			"main_name": "Suckfly",
			"aliases": [
				"G0039"
			],
			"source_name": "ETDA:Suckfly",
			"tools": [
				"Backdoor.Nidiran",
				"Nidiran",
				"WCE",
				"Windows Credential Editor",
				"Windows Credentials Editor",
				"gsecdump",
				"smbscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "7b039cc0-33b6-495a-b4ca-649d096b993d",
			"created_at": "2023-01-06T13:46:38.482654Z",
			"updated_at": "2026-04-10T02:00:02.99265Z",
			"deleted_at": null,
			"main_name": "APT22",
			"aliases": [
				"G0039",
				"Suckfly",
				"BRONZE OLIVE",
				"Group 46"
			],
			"source_name": "MISPGALAXY:APT22",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "1d63fba2-f042-41ca-8a72-64c6e737d295",
			"created_at": "2025-08-07T02:03:24.643647Z",
			"updated_at": "2026-04-10T02:00:03.719558Z",
			"deleted_at": null,
			"main_name": "BRONZE OLIVE",
			"aliases": [
				"APT22 ",
				"Barista",
				"Group 46 ",
				"Suckfly "
			],
			"source_name": "Secureworks:BRONZE OLIVE",
			"tools": [
				"Angryrebel",
				"DestroyRAT",
				"PlugX"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434550,
	"ts_updated_at": 1775826737,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/03af6d9430ee7b7ac9c3921e9bdbe560f85c4ef6.pdf",
		"text": "https://archive.orkl.eu/03af6d9430ee7b7ac9c3921e9bdbe560f85c4ef6.txt",
		"img": "https://archive.orkl.eu/03af6d9430ee7b7ac9c3921e9bdbe560f85c4ef6.jpg"
	}
}