{
	"id": "ab1fcb29-7bb5-4a7c-a6ae-5d33857d7bb9",
	"created_at": "2026-04-06T00:13:38.113198Z",
	"updated_at": "2026-04-10T13:12:18.812621Z",
	"deleted_at": null,
	"sha1_hash": "25125c682b4978051eb0fb482b7a48bfead7432b",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44775,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 18:44:16 UTC\n APT group: FIN10\nNames\nFIN10 (FireEye)\nG0051 (MITRE)\nCountry [Unknown]\nMotivation Financial crime\nFirst seen 2016\nDescription\n(FireEye) FireEye has observed multiple targeted intrusions occurring in North America\n— predominately in Canada — dating back to at least 2013 and continuing through at\nleast 2016, in which the attacker(s) have compromised organizations’ networks and\nsought to monetize this illicit access by exfiltrating sensitive data and extorting victim\norganizations. In some cases, when the extortion demand was not met, the attacker(s)\ndestroyed production Windows systems by deleting critical operating system files and\nthen shutting down the impacted systems. Based on near parallel TTPs used by the\nattacker(s) across these targeted intrusions, we believe these clusters of activity are\nlinked to a single, previously unobserved actor or group that we have dubbed FIN10.\nObserved\nSectors: Casinos and Gambling, Mining.\nCountries: Canada, USA.\nTools used EmpireProject, KOMPROGO.\nInformation MITRE ATT\u0026CK Last change to this card: 16 August 2025\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=32e3ffa7-e053-4841-a072-7f314eb1637c\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=32e3ffa7-e053-4841-a072-7f314eb1637c\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=32e3ffa7-e053-4841-a072-7f314eb1637c"
	],
	"report_names": [
		"showcard.cgi?u=32e3ffa7-e053-4841-a072-7f314eb1637c"
	],
	"threat_actors": [
		{
			"id": "9e3a488e-d304-4431-92e0-c8b9c80542bf",
			"created_at": "2022-10-25T16:07:23.627198Z",
			"updated_at": "2026-04-10T02:00:04.693727Z",
			"deleted_at": null,
			"main_name": "FIN10",
			"aliases": [
				"G0051"
			],
			"source_name": "ETDA:FIN10",
			"tools": [
				"EmPyre",
				"EmpireProject",
				"KOMPROGO",
				"PowerShell Empire",
				"Splinter RAT"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d134593b-1325-47ab-9bb7-b47d6473e352",
			"created_at": "2022-10-25T15:50:23.827908Z",
			"updated_at": "2026-04-10T02:00:05.335173Z",
			"deleted_at": null,
			"main_name": "FIN10",
			"aliases": [
				"FIN10"
			],
			"source_name": "MITRE:FIN10",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "277b5119-e193-4f98-b18a-c6db644f32f3",
			"created_at": "2023-01-06T13:46:38.971767Z",
			"updated_at": "2026-04-10T02:00:03.167584Z",
			"deleted_at": null,
			"main_name": "FIN10",
			"aliases": [
				"G0051"
			],
			"source_name": "MISPGALAXY:FIN10",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434418,
	"ts_updated_at": 1775826738,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/25125c682b4978051eb0fb482b7a48bfead7432b.pdf",
		"text": "https://archive.orkl.eu/25125c682b4978051eb0fb482b7a48bfead7432b.txt",
		"img": "https://archive.orkl.eu/25125c682b4978051eb0fb482b7a48bfead7432b.jpg"
	}
}