{
	"id": "cfc5d2ba-bfb6-46ce-9ba7-fe63fd865cb7",
	"created_at": "2026-04-06T00:11:39.656835Z",
	"updated_at": "2026-04-10T03:24:29.419611Z",
	"deleted_at": null,
	"sha1_hash": "17a18b33524beb3a21e7945544ea17ba2aa046cb",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47921,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 22:48:49 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Safe\r\n Tool: Safe\r\nNames Safe\r\nCategory Malware\r\nType Backdoor, Info stealer, Exfiltration\r\nDescription\r\n(Trend Micro) Opening the malicious document on a system running a vulnerable version of\r\nMicrosoft Office opens the decoy document for the user to view. Note though that this also\r\ndrops malicious files onto the system that allows the attackers to take control of it. After the\r\ninitial compromise, the attackers may then steal files from the compromised system.\r\nInformation\r\n\u003chttps://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/Safe-a-targeted-threat.pdf\u003e\r\nLast change to this tool card: 20 April 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool Safe\r\nChanged Name Country Observed\r\nAPT groups\r\n  Safe 2013  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5b8c6be9-25b3-4bea-98c5-53507e1b6887\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5b8c6be9-25b3-4bea-98c5-53507e1b6887\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5b8c6be9-25b3-4bea-98c5-53507e1b6887"
	],
	"report_names": [
		"listgroups.cgi?u=5b8c6be9-25b3-4bea-98c5-53507e1b6887"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434299,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/17a18b33524beb3a21e7945544ea17ba2aa046cb.pdf",
		"text": "https://archive.orkl.eu/17a18b33524beb3a21e7945544ea17ba2aa046cb.txt",
		"img": "https://archive.orkl.eu/17a18b33524beb3a21e7945544ea17ba2aa046cb.jpg"
	}
}