{
	"id": "bb7f59bf-16dc-4647-9905-6f99489d2f92",
	"created_at": "2026-04-06T01:31:15.511813Z",
	"updated_at": "2026-04-10T13:12:10.301554Z",
	"deleted_at": null,
	"sha1_hash": "0d55a41ca08fe08354f5fdc4d5ae1d61d87d7a81",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44750,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-06 00:38:41 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool XDLoc\r\n Tool: XDLoc\r\nNames XDLoc\r\nCategory Malware\r\nType Reconnaissance\r\nDescription\r\n(ESET) XDLoc is a location discovery plug-in that retrieves a list of nearby Wi-Fi access\r\npoints. It uses the WlanGetNetworkBssListWindows API function to retrieve the list of nearby\r\nBSSIDs and their signal strengths (RSSI). This information is then written in \\wgl.dat. We\r\nbelieve that this information can be combined with databases of geolocation of known Wi-Fi\r\naccess points in order to approximate the location of the victim’s device.\r\nInformation \u003chttps://vblocalhost.com/uploads/VB2020-Faou-Labelle.pdf\u003e\r\nLast change to this tool card: 19 October 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool XDLoc\r\nChanged Name Country Observed\r\nAPT groups\r\n  XDSpy [Unknown] 2011-Jul 2024  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7bf7ba03-ce5a-4e89-bc72-da7d6c344370\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7bf7ba03-ce5a-4e89-bc72-da7d6c344370\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7bf7ba03-ce5a-4e89-bc72-da7d6c344370"
	],
	"report_names": [
		"listgroups.cgi?u=7bf7ba03-ce5a-4e89-bc72-da7d6c344370"
	],
	"threat_actors": [
		{
			"id": "69cba9ab-de35-4103-a699-7d243bcfd196",
			"created_at": "2023-01-06T13:46:39.159472Z",
			"updated_at": "2026-04-10T02:00:03.233731Z",
			"deleted_at": null,
			"main_name": "XDSpy",
			"aliases": [],
			"source_name": "MISPGALAXY:XDSpy",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d69b3831-de95-42c9-b4b6-26232627206f",
			"created_at": "2022-10-25T16:07:24.429466Z",
			"updated_at": "2026-04-10T02:00:04.985102Z",
			"deleted_at": null,
			"main_name": "XDSpy",
			"aliases": [],
			"source_name": "ETDA:XDSpy",
			"tools": [
				"ChromePass",
				"IE PassView",
				"MailPassView",
				"Network Password Recovery",
				"OperaPassView",
				"PasswordFox",
				"Protected Storage PassView",
				"XDDown",
				"XDList",
				"XDLoc",
				"XDMonitor",
				"XDPass",
				"XDRecon",
				"XDUpload"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439075,
	"ts_updated_at": 1775826730,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0d55a41ca08fe08354f5fdc4d5ae1d61d87d7a81.pdf",
		"text": "https://archive.orkl.eu/0d55a41ca08fe08354f5fdc4d5ae1d61d87d7a81.txt",
		"img": "https://archive.orkl.eu/0d55a41ca08fe08354f5fdc4d5ae1d61d87d7a81.jpg"
	}
}