{ "id": "70ae505e-c866-488e-972c-d810e8a2c521", "created_at": "2026-04-06T00:10:59.423627Z", "updated_at": "2026-04-10T13:11:53.948507Z", "deleted_at": null, "sha1_hash": "33dda994694a09586685534d9d247acd23435087", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 54535, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 17:53:17 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Jasus\r\n Tool: Jasus\r\nNames Jasus\r\nCategory Malware\r\nType Poisoning\r\nDescription\r\n(Cylance) Jasus is an ARP cache poisoner developed by the Operation Cleaver team. It makes\r\nuse of WinPcap and is developed in C. Compared to some other publicly available ARP cache\r\npoisoning utilities, Jasus is poorly developed and without many useful features. The primary\r\npositive attribute of Jasus is its poor detection ratio by the antivirus industry.\r\nInformation\r\n\u003chttps://www.cylance.com/content/dam/cylance/pages/operation-cleaver/Cylance_Operation_Cleaver_Report.pdf\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.jasus\u003e\r\nLast change to this tool card: 23 April 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool Jasus\r\nChanged Name Country Observed\r\nAPT groups\r\n  Cutting Kitten, TG-2889 2012-Mar 2016\r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a9fee6d2-1250-4e73-bffe-673c58e27da6\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a9fee6d2-1250-4e73-bffe-673c58e27da6\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a9fee6d2-1250-4e73-bffe-673c58e27da6" ], "report_names": [ "listgroups.cgi?u=a9fee6d2-1250-4e73-bffe-673c58e27da6" ], "threat_actors": [ { "id": "49f1ada0-181f-4e89-a449-e6bc13c8c6b1", "created_at": "2022-10-25T15:50:23.561511Z", "updated_at": "2026-04-10T02:00:05.382592Z", "deleted_at": null, "main_name": "Cleaver", "aliases": [ "Threat Group 2889", "TG-2889" ], "source_name": "MITRE:Cleaver", "tools": [ "Net Crawler", "PsExec", "TinyZBot", "Mimikatz" ], "source_id": "MITRE", "reports": null }, { "id": "9663cdbf-646e-4579-881a-a8ebc3aabf63", "created_at": "2023-01-06T13:46:38.360862Z", "updated_at": "2026-04-10T02:00:02.942852Z", "deleted_at": null, "main_name": "Cutting Kitten", "aliases": [ "ITsecTeam" ], "source_name": "MISPGALAXY:Cutting Kitten", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "3fff98c9-ad02-401d-9d4b-f78b5b634f31", "created_at": "2023-01-06T13:46:38.376868Z", "updated_at": "2026-04-10T02:00:02.949077Z", "deleted_at": null, "main_name": "Cleaver", "aliases": [ "G0003", "Operation Cleaver", "Op Cleaver", "Tarh Andishan", "Alibaba", "TG-2889", "Cobalt Gypsy" ], "source_name": "MISPGALAXY:Cleaver", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "217c588a-5896-4335-b9ec-a516ae2f9a7e", "created_at": "2022-10-25T16:07:23.513775Z", "updated_at": "2026-04-10T02:00:04.635263Z", "deleted_at": null, "main_name": "Cutting Kitten", "aliases": [ "Cutting Kitten", "G0003", "Operation Cleaver", "TG-2889" ], "source_name": "ETDA:Cutting Kitten", "tools": [ "CsExt", "DistTrack", "IvizTech", "Jasus", "KAgent", "Logger Module", "MANGOPUNCH", "MPK", "MPKBot", "Net Crawler", "NetC", "PVZ-In", "PVZ-Out", "Pupy", "PupyRAT", "PvzOut", "Shamoon", "SynFlooder", "SysKit", "TinyZBot", "WndTest", "pupy", "zhCat", "zhMimikatz" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434259, "ts_updated_at": 1775826713, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/33dda994694a09586685534d9d247acd23435087.pdf", "text": "https://archive.orkl.eu/33dda994694a09586685534d9d247acd23435087.txt", "img": "https://archive.orkl.eu/33dda994694a09586685534d9d247acd23435087.jpg" } }