{
	"id": "03c079e2-7c2c-43c7-889b-32fe3d6f4f9b",
	"created_at": "2026-04-06T00:08:58.494741Z",
	"updated_at": "2026-04-10T13:12:19.624431Z",
	"deleted_at": null,
	"sha1_hash": "0422d6a23abebe6f13f14c284343805a89704fb6",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47511,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-06 00:05:59 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool SLRat\r\n Tool: SLRat\r\nNames SLRat\r\nCategory Malware\r\nType Backdoor, Info stealer, Exfiltration\r\nDescription\r\n(Lookout) SLRat appears to have gained popularity since its developer first publicized it in\r\nMay 2016, advertising it as “the Best and Free android remote admin tool”, while AndoServer\r\nhas not yet been seen for sale or mentioned on public forums. Based on samples ingested to\r\ndate however, Lookout researchers believe it is also a customizable Android malware that may\r\nbe for sale, or only known about and used by a smaller group of operators.\r\nInformation \u003chttps://blog.lookout.com/nation-state-mobile-malware-targets-syrians-with-covid-19-lures\u003e\r\nLast change to this tool card: 20 April 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool SLRat\r\nChanged Name Country Observed\r\nAPT groups\r\n  Syrian Electronic Army (SEA), Deadeye Jackal 2011-Aug 2021\r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8037e6f9-1cd8-4a27-83ad-897db91259b7\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8037e6f9-1cd8-4a27-83ad-897db91259b7\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8037e6f9-1cd8-4a27-83ad-897db91259b7"
	],
	"report_names": [
		"listgroups.cgi?u=8037e6f9-1cd8-4a27-83ad-897db91259b7"
	],
	"threat_actors": [
		{
			"id": "2f498e6b-3f0e-4f26-8cc7-52121e675643",
			"created_at": "2023-01-06T13:46:38.447274Z",
			"updated_at": "2026-04-10T02:00:02.978901Z",
			"deleted_at": null,
			"main_name": "Deadeye Jackal",
			"aliases": [
				"SyrianElectronicArmy"
			],
			"source_name": "MISPGALAXY:Deadeye Jackal",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "76fc6d92-0710-4640-bfa7-3000fe3940a5",
			"created_at": "2022-10-25T16:07:24.251595Z",
			"updated_at": "2026-04-10T02:00:04.911951Z",
			"deleted_at": null,
			"main_name": "Syrian Electronic Army (SEA)",
			"aliases": [
				"ATK 196",
				"Deadeye Jackal",
				"Syria Malware Team",
				"Syrian Electronic Army",
				"TAG-CT2"
			],
			"source_name": "ETDA:Syrian Electronic Army (SEA)",
			"tools": [
				"AndoServer",
				"CypherRat",
				"SLRat",
				"SandroRAT",
				"SilverHawk",
				"SpyNote",
				"SpyNote RAT"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434138,
	"ts_updated_at": 1775826739,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0422d6a23abebe6f13f14c284343805a89704fb6.pdf",
		"text": "https://archive.orkl.eu/0422d6a23abebe6f13f14c284343805a89704fb6.txt",
		"img": "https://archive.orkl.eu/0422d6a23abebe6f13f14c284343805a89704fb6.jpg"
	}
}