{
	"id": "bf19070a-7863-4f29-bd8d-e3e0657519fd",
	"created_at": "2026-04-06T00:15:15.720463Z",
	"updated_at": "2026-04-10T03:25:35.831975Z",
	"deleted_at": null,
	"sha1_hash": "34bd28c93c8d425ae3bf87bf9bdc8b86bc2573b7",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41395,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 21:19:43 UTC\nHome \u003e List all groups \u003e ShroudedSnooper\n APT group: ShroudedSnooper\nNames ShroudedSnooper (Talos)\nCountry [Unknown]\nMotivation Information theft and espionage\nFirst seen 2023\nDescription\n(Talos) This specific cluster of implants involving HTTPSnoop and PipeSnoop and associated\ntactics, techniques, and procedures (TTPs) do not match a known group that Talos tracks. We\nare therefore attributing this activity to a distinct intrusion set we’re calling\n“ShroudedSnooper.”\nObserved\nSectors: Telecommunications.\nCountries: Middle East.\nTools used HTTPSnoop, PipeSnoop.\nInformation Last change to this card: 12 October 2023\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=97687b24-8fea-4ff7-9dfc-d4be417f5c68\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=97687b24-8fea-4ff7-9dfc-d4be417f5c68\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=97687b24-8fea-4ff7-9dfc-d4be417f5c68"
	],
	"report_names": [
		"showcard.cgi?u=97687b24-8fea-4ff7-9dfc-d4be417f5c68"
	],
	"threat_actors": [
		{
			"id": "9d63303c-817c-40d7-b703-c6d62f0dbddc",
			"created_at": "2023-10-14T02:03:14.471787Z",
			"updated_at": "2026-04-10T02:00:04.891855Z",
			"deleted_at": null,
			"main_name": "ShroudedSnooper",
			"aliases": [],
			"source_name": "ETDA:ShroudedSnooper",
			"tools": [
				"HTTPSnoop",
				"PipeSnoop",
				"TOFULOAD",
				"TOFUPIPE"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "1ddad928-ad5f-4885-9abd-e8965dd793df",
			"created_at": "2023-11-08T02:00:07.129402Z",
			"updated_at": "2026-04-10T02:00:03.421623Z",
			"deleted_at": null,
			"main_name": "ShroudedSnooper",
			"aliases": [],
			"source_name": "MISPGALAXY:ShroudedSnooper",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434515,
	"ts_updated_at": 1775791535,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/34bd28c93c8d425ae3bf87bf9bdc8b86bc2573b7.pdf",
		"text": "https://archive.orkl.eu/34bd28c93c8d425ae3bf87bf9bdc8b86bc2573b7.txt",
		"img": "https://archive.orkl.eu/34bd28c93c8d425ae3bf87bf9bdc8b86bc2573b7.jpg"
	}
}