{
	"id": "aba6ebbe-d01e-47b8-be33-17e0e1e345dd",
	"created_at": "2026-04-06T00:07:37.155715Z",
	"updated_at": "2026-04-10T03:24:29.763037Z",
	"deleted_at": null,
	"sha1_hash": "1ef64519abf9da19218a8baa2a80ab0122acf099",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46579,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 23:22:57 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool TypeConfig\r\n Tool: TypeConfig\r\nNames\r\nTypeConfig\r\nSafeDisk\r\nCategory Malware\r\nType Loader\r\nDescription\r\n(Trend Micro) The primary function of TypeConfig/SafeDisk appears to be embedding a\r\nbackdoor into a valid .PE file. This tool appears to be the primary method for creating the\r\nmalware related to the campaign.\r\nInformation\r\n\u003chttps://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/Safe-a-targeted-threat.pdf\u003e\r\nLast change to this tool card: 20 April 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool TypeConfig\r\nChanged Name Country Observed\r\nAPT groups\r\n  Safe 2013  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e7d0703b-088a-43a0-ba79-123a235267fb\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e7d0703b-088a-43a0-ba79-123a235267fb\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e7d0703b-088a-43a0-ba79-123a235267fb"
	],
	"report_names": [
		"listgroups.cgi?u=e7d0703b-088a-43a0-ba79-123a235267fb"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434057,
	"ts_updated_at": 1775791469,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1ef64519abf9da19218a8baa2a80ab0122acf099.pdf",
		"text": "https://archive.orkl.eu/1ef64519abf9da19218a8baa2a80ab0122acf099.txt",
		"img": "https://archive.orkl.eu/1ef64519abf9da19218a8baa2a80ab0122acf099.jpg"
	}
}