{
	"id": "213df3b2-ad61-4c5f-8e96-89a542f94c50",
	"created_at": "2026-04-06T00:14:25.638008Z",
	"updated_at": "2026-04-10T03:30:14.906473Z",
	"deleted_at": null,
	"sha1_hash": "2695507ea0f4f7316be9e671b2ccbb75678b6946",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43962,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 15:16:35 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool XDPass\r\n Tool: XDPass\r\nNames XDPass\r\nCategory Malware\r\nType Credential stealer\r\nDescription\r\n(ESET) XDPass is a quite standard browser password stealer, and it has similar custom\r\nobfuscation to the other plug-ins. It can recover passwords from Internet Explorer, Chrome\r\nand Opera. We did not see significant code similarity with known password stealers, but we\r\ncannot exclude that it might be based on some generic code.\r\nInformation \u003chttps://vblocalhost.com/uploads/VB2020-Faou-Labelle.pdf\u003e\r\nLast change to this tool card: 19 October 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool XDPass\r\nChanged Name Country Observed\r\nAPT groups\r\n  XDSpy [Unknown] 2011-Jul 2024  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ad2e68bc-3c42-4f11-b1b6-1be9f920a05e\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ad2e68bc-3c42-4f11-b1b6-1be9f920a05e\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ad2e68bc-3c42-4f11-b1b6-1be9f920a05e"
	],
	"report_names": [
		"listgroups.cgi?u=ad2e68bc-3c42-4f11-b1b6-1be9f920a05e"
	],
	"threat_actors": [
		{
			"id": "69cba9ab-de35-4103-a699-7d243bcfd196",
			"created_at": "2023-01-06T13:46:39.159472Z",
			"updated_at": "2026-04-10T02:00:03.233731Z",
			"deleted_at": null,
			"main_name": "XDSpy",
			"aliases": [],
			"source_name": "MISPGALAXY:XDSpy",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d69b3831-de95-42c9-b4b6-26232627206f",
			"created_at": "2022-10-25T16:07:24.429466Z",
			"updated_at": "2026-04-10T02:00:04.985102Z",
			"deleted_at": null,
			"main_name": "XDSpy",
			"aliases": [],
			"source_name": "ETDA:XDSpy",
			"tools": [
				"ChromePass",
				"IE PassView",
				"MailPassView",
				"Network Password Recovery",
				"OperaPassView",
				"PasswordFox",
				"Protected Storage PassView",
				"XDDown",
				"XDList",
				"XDLoc",
				"XDMonitor",
				"XDPass",
				"XDRecon",
				"XDUpload"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434465,
	"ts_updated_at": 1775791814,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2695507ea0f4f7316be9e671b2ccbb75678b6946.pdf",
		"text": "https://archive.orkl.eu/2695507ea0f4f7316be9e671b2ccbb75678b6946.txt",
		"img": "https://archive.orkl.eu/2695507ea0f4f7316be9e671b2ccbb75678b6946.jpg"
	}
}