{
	"id": "7d98fdb1-bd4c-4ea8-98d5-956dc5399592",
	"created_at": "2026-04-06T01:29:38.427358Z",
	"updated_at": "2026-04-10T03:33:41.82337Z",
	"deleted_at": null,
	"sha1_hash": "1d5a96d7eff9d10aa3c267c1191b592531d5a477",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 57432,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 00:31:53 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Maze\n Tool: Maze\nNames\nMaze\nChaCha\nCategory Malware\nType Ransomware, Big Game Hunting\nDescription\nMaze Ransomware encrypts files and makes them inaccessible while adding a custom\nextension containing part of the ID of the victim. The ransom note is placed inside a text\nfile and an htm file. There are a few different extensions appended to files which are\nrandomly generated.\nActors are known to exfiltrate the data from the network for further extortion. It spreads\nmainly using email spam and various exploit kits (Spelevo, Fallout).\nThe code of Maze ransomware is highly complicated and obfuscated, which helps to\nevade security solutions using signature-based detections.\nInformation https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6b19a42e-91bb-4261-a38f-06cd033e2781\nPage 1 of 2\n\nMITRE ATT\u0026CK Malpedia Playbook\nLast change to this tool card: 30 December 2022\nDownload this tool card in JSON format\nAll groups using tool Maze\nChanged Name Country Observed\nAPT groups\n TA2101, Maze Team [Unknown] 2019-Feb 2024\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6b19a42e-91bb-4261-a38f-06cd033e2781\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6b19a42e-91bb-4261-a38f-06cd033e2781\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6b19a42e-91bb-4261-a38f-06cd033e2781"
	],
	"report_names": [
		"listgroups.cgi?u=6b19a42e-91bb-4261-a38f-06cd033e2781"
	],
	"threat_actors": [
		{
			"id": "e9f85280-337c-4321-b872-0919f8ef64a6",
			"created_at": "2022-10-25T16:07:24.261761Z",
			"updated_at": "2026-04-10T02:00:04.914455Z",
			"deleted_at": null,
			"main_name": "TA2101",
			"aliases": [
				"Gold Village",
				"Maze Team",
				"TA2101",
				"Twisted Spider"
			],
			"source_name": "ETDA:TA2101",
			"tools": [
				"7-Zip",
				"Agentemis",
				"BokBot",
				"Buran",
				"ChaCha",
				"Cobalt Strike",
				"CobaltStrike",
				"Egregor",
				"IceID",
				"IcedID",
				"Mimikatz",
				"PsExec",
				"SharpHound",
				"VegaLocker",
				"WinSCP",
				"cobeacon",
				"nmap"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "c3c864b3-fac9-4d56-8500-7c06c829fbf8",
			"created_at": "2023-01-06T13:46:39.071873Z",
			"updated_at": "2026-04-10T02:00:03.203749Z",
			"deleted_at": null,
			"main_name": "TA2101",
			"aliases": [
				"GOLD VILLAGE",
				"Storm-0216",
				"DEV-0216",
				"UNC2198",
				"TUNNEL SPIDER",
				"Maze Team",
				"TWISTED SPIDER"
			],
			"source_name": "MISPGALAXY:TA2101",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775438978,
	"ts_updated_at": 1775792021,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1d5a96d7eff9d10aa3c267c1191b592531d5a477.pdf",
		"text": "https://archive.orkl.eu/1d5a96d7eff9d10aa3c267c1191b592531d5a477.txt",
		"img": "https://archive.orkl.eu/1d5a96d7eff9d10aa3c267c1191b592531d5a477.jpg"
	}
}