{
	"id": "1006c14f-826a-4a4e-811f-6c029b595128",
	"created_at": "2026-04-06T00:12:32.884678Z",
	"updated_at": "2026-04-10T13:11:42.857748Z",
	"deleted_at": null,
	"sha1_hash": "2291fadfe4c79bc9a442b6645e0bc682d387179c",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 52916,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 21:47:55 UTC\nHome \u003e List all groups \u003e Clever Kitten\n APT group: Clever Kitten\nNames\nClever Kitten (CrowdStrike)\nGroup 41 (Talos)\nCountry Iran\nMotivation Information theft and espionage\nFirst seen 2013\nDescription\n(CrowdStrike) Clever Kitten primarily targets global companies with strategic importance to\ncountries that are contrary to Iranian interests.\nClever Kitten actors have a strong affinity for PHP server-side attacks to make access; this is\nrelatively unique amongst targeted attackers who often favor targeting a specific individual at\na specific organization using social engineering. Some attackers have moved to leveraging\nstrategic web compromises. The reason for this is likely the availability of exploits against web\nbrowsers, which for a variety of reasons allows an attacker to bypass security features such as\nData Execution Prevention (DEP) or Address Space Layout Randomization (ASLR).\nObserved\nSectors: Global companies with strategic importance to countries that are contrary to Iranian\ninterests..\nTools used Acunetix Web Vulnerability Scanner, RC SHELL.\nInformation Last change to this card: 14 April 2020\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=937fc2ca-f7b3-4be7-ab2c-32b67bd7dac4\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=937fc2ca-f7b3-4be7-ab2c-32b67bd7dac4\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=937fc2ca-f7b3-4be7-ab2c-32b67bd7dac4"
	],
	"report_names": [
		"showcard.cgi?u=937fc2ca-f7b3-4be7-ab2c-32b67bd7dac4"
	],
	"threat_actors": [
		{
			"id": "60c270f9-5aa8-41d5-850c-6003135c5815",
			"created_at": "2023-01-06T13:46:38.687298Z",
			"updated_at": "2026-04-10T02:00:03.068415Z",
			"deleted_at": null,
			"main_name": "Clever Kitten",
			"aliases": [
				"Group 41"
			],
			"source_name": "MISPGALAXY:Clever Kitten",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "25bd25be-762c-404c-be9e-b11f074b34dd",
			"created_at": "2022-10-25T16:07:23.470771Z",
			"updated_at": "2026-04-10T02:00:04.621239Z",
			"deleted_at": null,
			"main_name": "Clever Kitten",
			"aliases": [
				"Group 41"
			],
			"source_name": "ETDA:Clever Kitten",
			"tools": [
				"Acunetix Web Vulnerability Scanner",
				"RC SHELL"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434352,
	"ts_updated_at": 1775826702,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2291fadfe4c79bc9a442b6645e0bc682d387179c.pdf",
		"text": "https://archive.orkl.eu/2291fadfe4c79bc9a442b6645e0bc682d387179c.txt",
		"img": "https://archive.orkl.eu/2291fadfe4c79bc9a442b6645e0bc682d387179c.jpg"
	}
}