{
	"id": "15fb1777-2e0f-42e2-977d-98b1401fd079",
	"created_at": "2026-04-06T00:16:31.20099Z",
	"updated_at": "2026-04-10T03:26:46.331176Z",
	"deleted_at": null,
	"sha1_hash": "0f0b54075ecd803554a908f1d0151513a5df0909",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45698,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 13:21:40 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Kerberoast\r\n Tool: Kerberoast\r\nNames Kerberoast\r\nCategory Tools\r\nType Credential stealer\r\nDescription Kerberoast is a series of tools for attacking MS Kerberos implementations.\r\nInformation \u003chttps://github.com/nidem/kerberoast\u003e\r\nLast change to this tool card: 20 April 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool Kerberoast\r\nChanged Name Country Observed\r\nAPT groups\r\n  APT 20, Violin Panda 2014-2017  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1fc90e25-1f07-4005-a623-aa81f6961a68\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1fc90e25-1f07-4005-a623-aa81f6961a68\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1fc90e25-1f07-4005-a623-aa81f6961a68"
	],
	"report_names": [
		"listgroups.cgi?u=1fc90e25-1f07-4005-a623-aa81f6961a68"
	],
	"threat_actors": [
		{
			"id": "5d512e7c-f6a7-47b5-b440-4968c299deaf",
			"created_at": "2023-01-06T13:46:38.344772Z",
			"updated_at": "2026-04-10T02:00:02.9359Z",
			"deleted_at": null,
			"main_name": "APT20",
			"aliases": [
				"VIOLIN PANDA",
				"TH3Bug",
				"Crawling Taurus"
			],
			"source_name": "MISPGALAXY:APT20",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "dd583696-3de6-4c23-bfb6-e675a38a7000",
			"created_at": "2022-10-25T16:07:23.338398Z",
			"updated_at": "2026-04-10T02:00:04.548798Z",
			"deleted_at": null,
			"main_name": "APT 20",
			"aliases": [
				"APT 20",
				"APT 8",
				"Crawling Taurus",
				"Operation Wocao",
				"TH3Bug",
				"Violin Panda"
			],
			"source_name": "ETDA:APT 20",
			"tools": [
				"Agent.dhwf",
				"Chymine",
				"Darkmoon",
				"Destroy RAT",
				"DestroyRAT",
				"Filesnfer",
				"Gen:Trojan.Heur.PT",
				"Kaba",
				"KeeThief",
				"Kerberoast",
				"Korplug",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Mimikatz",
				"PlugX",
				"Poison Ivy",
				"ProcDump",
				"PsExec",
				"RedDelta",
				"SMBExec",
				"SPIVY",
				"SharpHound",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"WinRAR",
				"XServer",
				"Xamtrav",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434591,
	"ts_updated_at": 1775791606,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0f0b54075ecd803554a908f1d0151513a5df0909.pdf",
		"text": "https://archive.orkl.eu/0f0b54075ecd803554a908f1d0151513a5df0909.txt",
		"img": "https://archive.orkl.eu/0f0b54075ecd803554a908f1d0151513a5df0909.jpg"
	}
}