{ "id": "eca09410-e157-41a9-8027-b5a6a7d26d1c", "created_at": "2026-04-06T00:16:30.464841Z", "updated_at": "2026-04-10T13:11:31.142167Z", "deleted_at": null, "sha1_hash": "15cc73afe1edc2ab6f227a40f270d0c8b6683b2c", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 55360, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 19:54:34 UTC\n Tool: RevengeRAT\nNames\nRevengeRAT\nRevenge RAT\nRevenge\nRevetrat\nCategory Malware\nType Backdoor\nDescription Revenge RAT is a freely available remote access tool written in .NET (C#).\nInformation\nMITRE ATT\u0026CK Malpedia AlienVault OTX Last change to this tool card: 06 March 2024\nDownload this tool card in JSON format\nAll groups using tool RevengeRAT\nChanged Name Country Observed\nAPT groups\n Aggah [Unknown] 2018-Jun 2022\n Gorgon Group 2017-Jul 2020\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=11f55202-a2da-4146-b5e3-863e3f7cca8e\nPage 1 of 2\n\nOperation Comando [Unknown] 2018  \r\n  RevengeHotels [Unknown] 2015  \r\n  TA2541 [Unknown] 2017  \r\n  TA558 [Unknown] 2018-Jun 2023  \r\n6 groups listed (6 APT, 0 other, 0 unknown)\r\n↑\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=11f55202-a2da-4146-b5e3-863e3f7cca8e\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=11f55202-a2da-4146-b5e3-863e3f7cca8e\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=11f55202-a2da-4146-b5e3-863e3f7cca8e" ], "report_names": [ "listgroups.cgi?u=11f55202-a2da-4146-b5e3-863e3f7cca8e" ], "threat_actors": [ { "id": "414d7c65-5872-4e56-8a7d-49a2aeef1632", "created_at": "2025-08-07T02:03:24.7983Z", "updated_at": "2026-04-10T02:00:03.76109Z", "deleted_at": null, "main_name": "COPPER FIELDSTONE", "aliases": [ "APT36 ", "Earth Karkaddan ", "Gorgon Group ", "Green Havildar ", "Mythic Leopard ", "Operation C-Major ", "Operation Transparent Tribe ", "Pasty Draco ", "ProjectM ", "Storm-0156 " ], "source_name": "Secureworks:COPPER FIELDSTONE", "tools": [ "CapraRAT", "Crimson RAT", "DarkComet", "ElizaRAT", "LuminosityLink", "ObliqueRAT", "Peppy", "njRAT" ], "source_id": "Secureworks", "reports": null }, { "id": "bfae615f-cb9c-479c-b97d-ba282c322db3", "created_at": "2022-10-25T16:07:24.123308Z", "updated_at": "2026-04-10T02:00:04.874176Z", "deleted_at": null, "main_name": "RevengeHotels", "aliases": [], "source_name": "ETDA:RevengeHotels", "tools": [ "888 RAT", "Atros2.CKPN", "Bladabindi", "Jorik", "Nancrat", "NanoCore", "NanoCore RAT", "Revenge RAT", "RevengeRAT", "Revetrat", "Zurten", "njRAT" ], "source_id": "ETDA", "reports": null }, { "id": "316b23b5-e097-4dc6-8b1c-d096860c6c16", "created_at": "2022-10-25T16:07:24.290801Z", "updated_at": "2026-04-10T02:00:04.924688Z", "deleted_at": null, "main_name": "TA558", "aliases": [], "source_name": "ETDA:TA558", "tools": [ "AZORult", "AsyncRAT", "Bladabindi", "ExtRat", "Jorik", "Loda", "Loda RAT", "LodaRAT", "Nymeria", "PuffStealer", "Remcos", "RemcosRAT", "Remvio", "Revenge RAT", "RevengeRAT", "Revetrat", "Rultazo", "Socmer", "Vengeance Justice Worm", "Vjw0rm", "Xtreme RAT", "XtremeRAT", "njRAT" ], "source_id": "ETDA", "reports": null }, { "id": "99468ac6-ccfd-4cd8-b726-791600e61431", "created_at": "2023-11-01T02:01:06.647272Z", "updated_at": "2026-04-10T02:00:05.313262Z", "deleted_at": null, "main_name": "TA2541", "aliases": [ "TA2541" ], "source_name": "MITRE:TA2541", "tools": [ "Snip3", "Revenge RAT", "jRAT", "WarzoneRAT", "Imminent Monitor", "AsyncRAT", "NETWIRE", "Agent Tesla", "njRAT" ], "source_id": "MITRE", "reports": null }, { "id": "97dc332f-2241-4755-ae33-54e5eff3990a", "created_at": "2023-01-06T13:46:39.307201Z", "updated_at": "2026-04-10T02:00:03.282272Z", "deleted_at": null, "main_name": "TA2541", "aliases": [], "source_name": "MISPGALAXY:TA2541", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "e819f7c1-855b-4834-b30c-493832336ddb", "created_at": "2022-10-25T16:07:23.939418Z", "updated_at": "2026-04-10T02:00:04.796807Z", "deleted_at": null, "main_name": "Operation Comando", "aliases": [], "source_name": "ETDA:Operation Comando", "tools": [ "AsyncRAT", "Atros2.CKPN", "Bladabindi", "CapturaTela", "Jorik", "LimeRAT", "Nancrat", "NanoCore", "NanoCore RAT", "Remcos", "RemcosRAT", "Remvio", "Revenge RAT", "RevengeRAT", "Revetrat", "Socmer", "Zurten", "njRAT" ], "source_id": "ETDA", "reports": null }, { "id": "31a4f4ad-1aa7-48c2-8b16-58d48879644c", "created_at": "2024-02-06T02:00:04.13577Z", "updated_at": "2026-04-10T02:00:03.576453Z", "deleted_at": null, "main_name": "RevengeHotels", "aliases": [], "source_name": "MISPGALAXY:RevengeHotels", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "b0d34dd6-ee90-483b-bb6c-441332274160", "created_at": "2022-10-25T16:07:23.296754Z", "updated_at": "2026-04-10T02:00:04.526403Z", "deleted_at": null, "main_name": "Aggah", "aliases": [ "Operation Red Deer", "Operation Roma225" ], "source_name": "ETDA:Aggah", "tools": [ "AgenTesla", "Agent Tesla", "AgentTesla", "Aggah", "Atros2.CKPN", "Bladabindi", "Jorik", "Nancrat", "NanoCore", "NanoCore RAT", "Negasteal", "Origin Logger", "Revenge RAT", "RevengeRAT", "Revetrat", "Warzone", "Warzone RAT", "ZPAQ", "Zurten", "njRAT" ], "source_id": "ETDA", "reports": null }, { "id": "18278778-fa63-4a9a-8988-4d266b8c5c1a", "created_at": "2023-01-06T13:46:38.769816Z", "updated_at": "2026-04-10T02:00:03.094179Z", "deleted_at": null, "main_name": "The Gorgon Group", "aliases": [ "Gorgon Group", "Subaat", "ATK92", "G0078", "Pasty Gemini" ], "source_name": "MISPGALAXY:The Gorgon Group", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "97fdaf9f-cae1-4ccc-abe2-76e5cbc0febd", "created_at": "2022-10-25T15:50:23.296989Z", "updated_at": "2026-04-10T02:00:05.347085Z", "deleted_at": null, "main_name": "Gorgon Group", "aliases": [ "Gorgon Group" ], "source_name": "MITRE:Gorgon Group", "tools": [ "NanoCore", "QuasarRAT", "Remcos", "njRAT" ], "source_id": "MITRE", "reports": null }, { "id": "28851008-77b4-47eb-abcd-1bb5b3f19fc2", "created_at": "2023-06-20T02:02:10.254614Z", "updated_at": "2026-04-10T02:00:03.365336Z", "deleted_at": null, "main_name": "Hagga", "aliases": [ "TH-157", "Aggah" ], "source_name": "MISPGALAXY:Hagga", "tools": [ "Agent Tesla" ], "source_id": "MISPGALAXY", "reports": null }, { "id": "cf91b389-9602-45c0-8d6b-c61d14800f54", "created_at": "2023-01-06T13:46:39.448277Z", "updated_at": "2026-04-10T02:00:03.332604Z", "deleted_at": null, "main_name": "TA558", "aliases": [], "source_name": "MISPGALAXY:TA558", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "878ce40c-9fbc-4cff-a5c4-771086979fa7", "created_at": "2022-10-25T16:07:24.264056Z", "updated_at": "2026-04-10T02:00:04.915395Z", "deleted_at": null, "main_name": "TA2541", "aliases": [], "source_name": "ETDA:TA2541", "tools": [ "AVE_MARIA", "AgenTesla", "Agent Tesla", "AgentTesla", "AsyncRAT", "Ave Maria", "AveMariaRAT", "DarkRAT", "H-Worm", "H-Worm RAT", "Houdini", "Houdini RAT", "Hworm", "Imminent Monitor", "Imminent Monitor RAT", "Iniduoh", "Jenxcus", "Kognito", "Luminosity RAT", "LuminosityLink", "Negasteal", "NetWeird", "NetWire", "NetWire RAT", "NetWire RC", "NetWired RC", "Njw0rm", "Origin Logger", "Parallax", "Parallax RAT", "ParallaxRAT", "Recam", "Revenge RAT", "RevengeRAT", "Revetrat", "WSHRAT", "ZPAQ", "avemaria", "dinihou", "dunihi" ], "source_id": "ETDA", "reports": null }, { "id": "e1e83b71-854a-4ddf-82ed-141c1d151c3c", "created_at": "2023-01-06T13:46:38.934536Z", "updated_at": "2026-04-10T02:00:03.150803Z", "deleted_at": null, "main_name": "Operation Comando", "aliases": [], "source_name": "MISPGALAXY:Operation Comando", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "6c4e4b91-1f98-49e2-90e6-435cea8d3d53", "created_at": "2022-10-25T16:07:23.693797Z", "updated_at": "2026-04-10T02:00:04.711987Z", "deleted_at": null, "main_name": "Gorgon Group", "aliases": [ "ATK 92", "G0078", "Pasty Draco", "Subaat", "TAG-CR5" ], "source_name": "ETDA:Gorgon Group", "tools": [ "AgenTesla", "Agent Tesla", "AgentTesla", "Atros2.CKPN", "Bladabindi", "CinaRAT", "Crimson RAT", "ForeIT", "Jorik", "LOLBAS", "LOLBins", "Living off the Land", "Loki", "Loki.Rat", "LokiBot", "LokiPWS", "MSIL", "MSIL/Crimson", "Nancrat", "NanoCore", "NanoCore RAT", "Negasteal", "NetWeird", "NetWire", "NetWire RAT", "NetWire RC", "NetWired RC", "Origin Logger", "Quasar RAT", "QuasarRAT", "Recam", "Remcos", "RemcosRAT", "Remvio", "Revenge RAT", "RevengeRAT", "Revetrat", "SEEDOOR", "Scarimson", "Socmer", "Yggdrasil", "ZPAQ", "Zurten", "njRAT" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434590, "ts_updated_at": 1775826691, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/15cc73afe1edc2ab6f227a40f270d0c8b6683b2c.pdf", "text": "https://archive.orkl.eu/15cc73afe1edc2ab6f227a40f270d0c8b6683b2c.txt", "img": "https://archive.orkl.eu/15cc73afe1edc2ab6f227a40f270d0c8b6683b2c.jpg" } }