{
	"id": "3c951b52-3aa7-4eb5-9bd1-9013cf0e38eb",
	"created_at": "2026-04-06T00:11:51.188905Z",
	"updated_at": "2026-04-10T13:11:25.765188Z",
	"deleted_at": null,
	"sha1_hash": "22f20c80112e1cbc947aa7047f998c1cf5ac9da9",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50378,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 21:54:47 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Md_client\r\n Tool: Md_client\r\nNames Md_client\r\nCategory Malware\r\nType Reconnaissance, Backdoor, Downloader, Exfiltration\r\nDescription\r\n(Bitdefender) This component uses the UDP and the 53 port to communicate with the C\u0026C\r\nserver and is capable of:\r\n• Collecting system information like computer name, user name, osverion, processor\r\narchitecture;\r\n• Creating a remote shell by running a cmd.exe with stdin/stdout/stderr “connected” to the\r\nC\u0026C\r\n• Sending the Logical Drive Strings\r\n• Listing a directory\r\n• Uploading and downloading a file\r\n• Deleting a directory\r\n• Executing a command using ShellExecuteW\r\n• Executing a command using CreateDesktop (“mydktop1”) and CreateProcess\r\nInformation\r\n\u003chttps://www.bitdefender.com/files/News/CaseStudies/study/379/Bitdefender-Whitepaper-Chinese-APT.pdf\u003e\r\nLast change to this tool card: 06 January 2021\r\nDownload this tool card in JSON format\r\nAll groups using tool Md_client\r\nChanged Name Country Observed\r\nAPT groups\r\n  FunnyDream 2018  \r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=334f29bc-e758-4e35-ac9b-d35e4d4e5179\r\nPage 1 of 2\n\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=334f29bc-e758-4e35-ac9b-d35e4d4e5179\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=334f29bc-e758-4e35-ac9b-d35e4d4e5179\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=334f29bc-e758-4e35-ac9b-d35e4d4e5179"
	],
	"report_names": [
		"listgroups.cgi?u=334f29bc-e758-4e35-ac9b-d35e4d4e5179"
	],
	"threat_actors": [
		{
			"id": "b98eb1ec-dc8b-4aea-b112-9e485408dd14",
			"created_at": "2022-10-25T16:07:23.649308Z",
			"updated_at": "2026-04-10T02:00:04.701157Z",
			"deleted_at": null,
			"main_name": "FunnyDream",
			"aliases": [
				"Bronze Edgewood",
				"Red Hariasa",
				"TAG-16"
			],
			"source_name": "ETDA:FunnyDream",
			"tools": [
				"Chinoxy",
				"Filepak",
				"FilepakMonitor",
				"FunnyDream",
				"Keyrecord",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Md_client",
				"PCShare",
				"ScreenCap",
				"TcpBridge",
				"Tcp_transfer",
				"ccf32"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434311,
	"ts_updated_at": 1775826685,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/22f20c80112e1cbc947aa7047f998c1cf5ac9da9.pdf",
		"text": "https://archive.orkl.eu/22f20c80112e1cbc947aa7047f998c1cf5ac9da9.txt",
		"img": "https://archive.orkl.eu/22f20c80112e1cbc947aa7047f998c1cf5ac9da9.jpg"
	}
}