{
	"id": "497ab37d-aa1e-44db-8a38-f6af4bb7e6fd",
	"created_at": "2026-04-06T00:11:28.809303Z",
	"updated_at": "2026-04-10T03:33:52.18234Z",
	"deleted_at": null,
	"sha1_hash": "20bafe923cac39e03360f463c0cd43a36adcd3d0",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45145,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 23:16:24 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool H1N1 Loader\n Tool: H1N1 Loader\nNames\nH1N1 Loader\nH1N1\nCategory Malware\nType Loader\nDescription\n(Cisco) H1N1 is a loader malware variant that has been known to deliver Pony DLLs\nand Vawtrak executables to infected machines. Upon infection, H1N1 previously only\nprovided loading and system information reporting capabilities.\nInformation MITRE ATT\u0026CK Malpedia AlienVault OTX Last change to this tool card: 23 April 2020\nDownload this tool card in JSON format\nAll groups using tool H1N1 Loader\nChanged Name Country Observed\nAPT groups\n TA530 [Unknown] 2016-Nov 2016\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a33c9005-104b-4553-80c3-1af01a0aba94\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a33c9005-104b-4553-80c3-1af01a0aba94\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a33c9005-104b-4553-80c3-1af01a0aba94"
	],
	"report_names": [
		"listgroups.cgi?u=a33c9005-104b-4553-80c3-1af01a0aba94"
	],
	"threat_actors": [
		{
			"id": "f8fd6c94-f1bf-43b8-8613-edc46ca097ee",
			"created_at": "2022-10-25T16:07:24.285532Z",
			"updated_at": "2026-04-10T02:00:04.922819Z",
			"deleted_at": null,
			"main_name": "TA530",
			"aliases": [],
			"source_name": "ETDA:TA530",
			"tools": [
				"AbaddonPOS",
				"August Stealer",
				"Bugat v5",
				"CryptoWall",
				"Dofoil",
				"Dridex",
				"Gozi ISFB",
				"H1N1",
				"H1N1 Loader",
				"ISFB",
				"Nymaim",
				"Pandemyia",
				"Sharik",
				"Smoke Loader",
				"SmokeLoader",
				"SpY-Agent",
				"TVRAT",
				"TVSpy",
				"TeamSpy",
				"TeamViewerENT",
				"TinyLoader",
				"nymain"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "af77521e-c35f-4030-a95d-bcd1eaeeaac1",
			"created_at": "2023-01-06T13:46:38.476089Z",
			"updated_at": "2026-04-10T02:00:02.990237Z",
			"deleted_at": null,
			"main_name": "TA530",
			"aliases": [],
			"source_name": "MISPGALAXY:TA530",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434288,
	"ts_updated_at": 1775792032,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/20bafe923cac39e03360f463c0cd43a36adcd3d0.pdf",
		"text": "https://archive.orkl.eu/20bafe923cac39e03360f463c0cd43a36adcd3d0.txt",
		"img": "https://archive.orkl.eu/20bafe923cac39e03360f463c0cd43a36adcd3d0.jpg"
	}
}