{
	"id": "2e875fb5-4065-404e-af62-cf0460ae79c2",
	"created_at": "2026-04-06T15:52:16.955213Z",
	"updated_at": "2026-04-10T13:12:30.806916Z",
	"deleted_at": null,
	"sha1_hash": "2864e5e11b679373f6346b42ee673d39ca41b1f8",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46671,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 15:38:51 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool BlotchyQuasar\n Tool: BlotchyQuasar\nNames BlotchyQuasar\nCategory Malware\nType Banking trojan, Backdoor, Info stealer, Credential stealer\nDescription\n(IBM) BlotchyQuasar, which X-Force describes as a banking trojan due to it containing a hardcoded list of banking applications, was developed on top of the QuasarRAT codebase, and is under active development and supports a wide range of different custom commands. Some of the most interesting features include the installation of root certificates and proxy auto-config URLs, which may be used in conjunction with Google Chrome Kiosk mode to impersonate financial institutions.\nInformation\nLast change to this tool card: 05 September 2023\nDownload this tool card in JSON format\nAll groups using tool BlotchyQuasar\nChanged Name Country Observed\nAPT groups\n Blind Eagle 2018-Nov 2024\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=45f35d48-48a2-4bbf-831f-782f46d2d4d9\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=45f35d48-48a2-4bbf-831f-782f46d2d4d9\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=45f35d48-48a2-4bbf-831f-782f46d2d4d9"
	],
	"report_names": [
		"listgroups.cgi?u=45f35d48-48a2-4bbf-831f-782f46d2d4d9"
	],
	"threat_actors": [
		{
			"id": "98b22fd7-bf1b-41a6-b51c-0e33a0ffd813",
			"created_at": "2022-10-25T15:50:23.688973Z",
			"updated_at": "2026-04-10T02:00:05.390055Z",
			"deleted_at": null,
			"main_name": "APT-C-36",
			"aliases": [
				"APT-C-36",
				"Blind Eagle"
			],
			"source_name": "MITRE:APT-C-36",
			"tools": [
				"Imminent Monitor"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "be597b07-0cde-47bc-80c3-790a8df34af4",
			"created_at": "2022-10-25T16:07:23.407484Z",
			"updated_at": "2026-04-10T02:00:04.58656Z",
			"deleted_at": null,
			"main_name": "Blind Eagle",
			"aliases": [
				"APT-C-36",
				"APT-Q-98",
				"AguilaCiega",
				"G0099"
			],
			"source_name": "ETDA:Blind Eagle",
			"tools": [
				"AsyncRAT",
				"BitRAT",
				"Bladabindi",
				"BlotchyQuasar",
				"Imminent Monitor",
				"Imminent Monitor RAT",
				"Jorik",
				"LimeRAT",
				"Remcos",
				"RemcosRAT",
				"Remvio",
				"Socmer",
				"Warzone",
				"Warzone RAT",
				"njRAT"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "bd43391b-b835-4cb3-839a-d830aa1a3410",
			"created_at": "2023-01-06T13:46:38.925525Z",
			"updated_at": "2026-04-10T02:00:03.147197Z",
			"deleted_at": null,
			"main_name": "APT-C-36",
			"aliases": [
				"Blind Eagle"
			],
			"source_name": "MISPGALAXY:APT-C-36",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775490736,
	"ts_updated_at": 1775826750,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2864e5e11b679373f6346b42ee673d39ca41b1f8.pdf",
		"text": "https://archive.orkl.eu/2864e5e11b679373f6346b42ee673d39ca41b1f8.txt",
		"img": "https://archive.orkl.eu/2864e5e11b679373f6346b42ee673d39ca41b1f8.jpg"
	}
}