{
	"id": "c4f1db3f-4a41-42bb-9d6b-391e3f17d2cd",
	"created_at": "2026-04-06T00:14:29.832604Z",
	"updated_at": "2026-04-10T03:20:47.469415Z",
	"deleted_at": null,
	"sha1_hash": "1f47d84d45078f23f2aaffb0fe9aa7a6dbfe4c6e",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28592,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 19:28:05 UTC\r\nDescription(Blueliv) It affects mainly Asian and European countries, but with more than 1.5 million infected\r\ncomputers, it also has active bots across almost every continent. The current number of related bots online is about\r\n1,350,000, but each day more users are infected.\r\nNecurs is modular malware with a lot of features, but it is mainly known for sending large spam campaigns via\r\nemail. This large botnet is actually formed by 7 smaller botnets put together using the same malware.\r\nBlueliv’s Threat Intelligence Lab team has performed a deep and detailed malware-reversal analysis on Necurs.\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d820a4fb-edd8-4c5d-b5dd-24d1795aa285\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d820a4fb-edd8-4c5d-b5dd-24d1795aa285\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d820a4fb-edd8-4c5d-b5dd-24d1795aa285"
	],
	"report_names": [
		"listgroups.cgi?u=d820a4fb-edd8-4c5d-b5dd-24d1795aa285"
	],
	"threat_actors": [],
	"ts_created_at": 1775434469,
	"ts_updated_at": 1775791247,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1f47d84d45078f23f2aaffb0fe9aa7a6dbfe4c6e.pdf",
		"text": "https://archive.orkl.eu/1f47d84d45078f23f2aaffb0fe9aa7a6dbfe4c6e.txt",
		"img": "https://archive.orkl.eu/1f47d84d45078f23f2aaffb0fe9aa7a6dbfe4c6e.jpg"
	}
}