{
	"id": "f79ed477-5b4f-4d87-85c4-a38efade4d40",
	"created_at": "2026-04-06T03:37:40.474557Z",
	"updated_at": "2026-04-10T03:30:57.824435Z",
	"deleted_at": null,
	"sha1_hash": "332abc8fe38bc7a55ff6a0ae4802229cb33f24b3",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44304,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-06 03:12:00 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool EFSPotato\r\n Tool: EFSPotato\r\nNames EFSPotato\r\nCategory Exploits\r\nDescription No description available yet.\r\nLast change to this tool card: 17 February 2023\r\nDownload this tool card in JSON format\r\nAll groups using tool EFSPotato\r\nChanged Name Country Observed\r\nAPT groups\r\n  Dalbit 2022  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=44255ddb-40a4-4246-961d-cf658a921c54\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=44255ddb-40a4-4246-961d-cf658a921c54\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=44255ddb-40a4-4246-961d-cf658a921c54"
	],
	"report_names": [
		"listgroups.cgi?u=44255ddb-40a4-4246-961d-cf658a921c54"
	],
	"threat_actors": [
		{
			"id": "bcf899bb-34bb-43e1-929d-02bc91974f2a",
			"created_at": "2023-02-18T02:04:24.050644Z",
			"updated_at": "2026-04-10T02:00:04.639142Z",
			"deleted_at": null,
			"main_name": "Dalbit",
			"aliases": [],
			"source_name": "ETDA:Dalbit",
			"tools": [
				"ASPXSpy",
				"ASPXTool",
				"Agentemis",
				"AntSword",
				"BadPotato",
				"BlueShell",
				"CHINACHOPPER",
				"China Chopper",
				"Cobalt Strike",
				"CobaltStrike",
				"EFSPotato",
				"FRP",
				"Fast Reverse Proxy",
				"Godzilla",
				"Godzilla Loader",
				"HTran",
				"HUC Packet Transmit Tool",
				"JuicyPotato",
				"LadonGo",
				"Metasploit",
				"Mimikatz",
				"NPS",
				"ProcDump",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"RottenPotato",
				"SinoChopper",
				"SweetPotato",
				"cobeacon",
				"reGeorg"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "7cf4ec85-806f-4fd7-855a-6669ed381bf5",
			"created_at": "2023-11-08T02:00:07.176033Z",
			"updated_at": "2026-04-10T02:00:03.435082Z",
			"deleted_at": null,
			"main_name": "Dalbit",
			"aliases": [],
			"source_name": "MISPGALAXY:Dalbit",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775446660,
	"ts_updated_at": 1775791857,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/332abc8fe38bc7a55ff6a0ae4802229cb33f24b3.pdf",
		"text": "https://archive.orkl.eu/332abc8fe38bc7a55ff6a0ae4802229cb33f24b3.txt",
		"img": "https://archive.orkl.eu/332abc8fe38bc7a55ff6a0ae4802229cb33f24b3.jpg"
	}
}