{
	"id": "fcaac133-7086-4c07-95fa-662ee43ce879",
	"created_at": "2026-04-06T00:06:23.972894Z",
	"updated_at": "2026-04-10T03:34:18.918677Z",
	"deleted_at": null,
	"sha1_hash": "1cd636d2199db4d9a3e11a1721b392e122c0f5b5",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48086,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 16:15:49 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Sojax\n Tool: Sojax\nNames Sojax\nCategory Malware\nType Reconnaissance, Backdoor, Info stealer\nDescription\n(PreciseSecurity) VBS.Sojax is a Visual Basic Script Trojan that opens a backdoor on\ncompromised computer, which will allow a remote attacker to take full control of it. The\nTrojan may also monitor system activities and steal sensitive information and other significant\ndata. Using malicious documents, VBS.Sojax will enter the computer by exploiting several\nsecurity breaches in Adobe Flash, Adobe Reader and MS Office.\nInformation Last change to this tool card: 20 April 2020\nDownload this tool card in JSON format\nAll groups using tool Sojax\nChanged Name Country Observed\nAPT groups\n Lucky Cat 2011\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6a01e0af-8eed-4690-8e51-a039dc7a3e88\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6a01e0af-8eed-4690-8e51-a039dc7a3e88\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6a01e0af-8eed-4690-8e51-a039dc7a3e88"
	],
	"report_names": [
		"listgroups.cgi?u=6a01e0af-8eed-4690-8e51-a039dc7a3e88"
	],
	"threat_actors": [
		{
			"id": "9792e41f-4165-474b-99fa-e74ec332bd87",
			"created_at": "2023-01-06T13:46:38.986789Z",
			"updated_at": "2026-04-10T02:00:03.172308Z",
			"deleted_at": null,
			"main_name": "Lucky Cat",
			"aliases": [
				"TA413",
				"White Dev 9"
			],
			"source_name": "MISPGALAXY:Lucky Cat",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "1a651080-cb2f-49bb-87cb-b9c6f6f99ce9",
			"created_at": "2022-10-25T16:07:23.809467Z",
			"updated_at": "2026-04-10T02:00:04.756067Z",
			"deleted_at": null,
			"main_name": "Lucky Cat",
			"aliases": [],
			"source_name": "ETDA:Lucky Cat",
			"tools": [
				"Comfoo",
				"Comfoo RAT",
				"Lucky Cat",
				"LuckyCat",
				"Sojax",
				"Syndicasec",
				"WMI Ghost",
				"Wimmie"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775433983,
	"ts_updated_at": 1775792058,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1cd636d2199db4d9a3e11a1721b392e122c0f5b5.pdf",
		"text": "https://archive.orkl.eu/1cd636d2199db4d9a3e11a1721b392e122c0f5b5.txt",
		"img": "https://archive.orkl.eu/1cd636d2199db4d9a3e11a1721b392e122c0f5b5.jpg"
	}
}