{
	"id": "66c6460d-687d-413a-9a52-eef5cd991184",
	"created_at": "2026-04-06T00:14:17.569625Z",
	"updated_at": "2026-04-10T13:13:03.800338Z",
	"deleted_at": null,
	"sha1_hash": "1f973d11f9cbc3f104135df4779d331b916aaaec",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45436,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 16:02:08 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Casper\n Tool: Casper\nNames Casper\nCategory Malware\nType Reconnaissance\nDescription\n(ESET) Casper was used against Syrian targets in April 2014, which makes it the most recent\nmalware from this group publicly known at this time. To attack their targets, Casper’s\noperators used zero-day exploits in Adobe Flash, and these exploits were – surprisingly –\nhosted on a Syrian governmental website. Casper is a well-developed reconnaissance tool,\nmaking extensive efforts to remain unseen on targeted machines. Of particular note are the\nspecific strategies adopted against antimalware software.\nInformation\nMalpedia Last change to this tool card: 23 April 2020\nDownload this tool card in JSON format\nAll groups using tool Casper\nChanged Name Country Observed\nAPT groups\n Snowglobe, Animal Farm 2011\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d15a2bbb-dd31-42b2-94a2-8a82cfe06900\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d15a2bbb-dd31-42b2-94a2-8a82cfe06900\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d15a2bbb-dd31-42b2-94a2-8a82cfe06900"
	],
	"report_names": [
		"listgroups.cgi?u=d15a2bbb-dd31-42b2-94a2-8a82cfe06900"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e09a7338-fb16-4e39-b579-c3bfc3140c47",
			"created_at": "2022-10-25T16:07:24.207294Z",
			"updated_at": "2026-04-10T02:00:04.899166Z",
			"deleted_at": null,
			"main_name": "Snowglobe",
			"aliases": [
				"ATK 8",
				"Animal Farm",
				"SIG20",
				"Snowglobe"
			],
			"source_name": "ETDA:Snowglobe",
			"tools": [
				"Babar",
				"Casper",
				"Chocopop",
				"Dino",
				"EvilBunny",
				"Nbot",
				"TFC",
				"Tafacalou"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "548a4081-aa8f-4e2a-bcb3-0c9dfa61944f",
			"created_at": "2023-01-06T13:46:38.443779Z",
			"updated_at": "2026-04-10T02:00:02.977564Z",
			"deleted_at": null,
			"main_name": "SNOWGLOBE",
			"aliases": [
				"Animal Farm",
				"Snowglobe",
				"ATK8"
			],
			"source_name": "MISPGALAXY:SNOWGLOBE",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434457,
	"ts_updated_at": 1775826783,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1f973d11f9cbc3f104135df4779d331b916aaaec.pdf",
		"text": "https://archive.orkl.eu/1f973d11f9cbc3f104135df4779d331b916aaaec.txt",
		"img": "https://archive.orkl.eu/1f973d11f9cbc3f104135df4779d331b916aaaec.jpg"
	}
}