{
	"id": "9e31d493-4115-41b3-8f62-7ebae371ca72",
	"created_at": "2026-04-06T00:09:51.138928Z",
	"updated_at": "2026-04-10T13:12:10.309372Z",
	"deleted_at": null,
	"sha1_hash": "1b303e53451e878f59742aadb3269e06f0a74e2e",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48812,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 22:02:46 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Protux\n Tool: Protux\nNames Protux\nCategory Malware\nType Backdoor\nDescription\n(Trend Micro) Protux, a known backdoor, is executed by abusing the rundll32 dynamic-link library (DLL). It tests the host’s network, retrieves the C\u0026C server from another\nblog, and uses the RSA algorithm to generate the session key and send information to the\nC\u0026C server.\nInformation\nAlienVault OTX Last change to this tool card: 20 April 2020\nDownload this tool card in JSON format\nAll groups using tool Protux\nChanged Name Country Observed\nAPT groups\n Blackgear 2018-Jul 2018\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=29ff8d7b-f399-4ef8-b8de-e9fa6bcd8cc0\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=29ff8d7b-f399-4ef8-b8de-e9fa6bcd8cc0\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=29ff8d7b-f399-4ef8-b8de-e9fa6bcd8cc0"
	],
	"report_names": [
		"listgroups.cgi?u=29ff8d7b-f399-4ef8-b8de-e9fa6bcd8cc0"
	],
	"threat_actors": [
		{
			"id": "ad59becc-29c2-4b7a-a958-d7f242d222ea",
			"created_at": "2023-01-06T13:46:38.956494Z",
			"updated_at": "2026-04-10T02:00:03.161471Z",
			"deleted_at": null,
			"main_name": "Blackgear",
			"aliases": [
				"BLACKGEAR",
				"Topgear",
				"Comnie"
			],
			"source_name": "MISPGALAXY:Blackgear",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6750d709-9153-4e90-baa3-04883a9b762b",
			"created_at": "2022-10-25T16:07:23.397596Z",
			"updated_at": "2026-04-10T02:00:04.580074Z",
			"deleted_at": null,
			"main_name": "Blackgear",
			"aliases": [
				"Topgear"
			],
			"source_name": "ETDA:Blackgear",
			"tools": [
				"Comnie",
				"Elirks",
				"Protux"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434191,
	"ts_updated_at": 1775826730,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1b303e53451e878f59742aadb3269e06f0a74e2e.pdf",
		"text": "https://archive.orkl.eu/1b303e53451e878f59742aadb3269e06f0a74e2e.txt",
		"img": "https://archive.orkl.eu/1b303e53451e878f59742aadb3269e06f0a74e2e.jpg"
	}
}