{
	"id": "1eb5d089-834e-4562-9f29-2d89ce147593",
	"created_at": "2026-04-06T00:08:16.219179Z",
	"updated_at": "2026-04-10T03:32:56.822884Z",
	"deleted_at": null,
	"sha1_hash": "36bfe0c444396b6e19baacb4eac32cb89c31c9fc",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47580,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 23:13:04 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Kitkiot\r\n Tool: Kitkiot\r\nNames Kitkiot\r\nCategory Malware\r\nType Info stealer\r\nDescription\r\n(Cylance) Kitkiot variants are commonly installed alongside other types of malware and often\r\nincluded additional functionality, including:\r\n• Denial of Service (DoS) and Distributed Denial of Service (DDoS) capabilities\r\n• The ability to hijack and steal in-game account information and items from multiple online\r\ngaming platforms\r\n• In some rare cases these were used for click-through advertising fraud.\r\nInformation\r\n\u003chttps://threatvector.cylance.com/en_us/home/digitally-signed-malware-targeting-gaming-companies.html\u003e\r\nLast change to this tool card: 20 April 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool Kitkiot\r\nChanged Name Country Observed\r\nAPT groups\r\n  PassCV 2016  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1ccb210c-52fa-45a4-b6d6-861f8a16b9fd\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1ccb210c-52fa-45a4-b6d6-861f8a16b9fd\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1ccb210c-52fa-45a4-b6d6-861f8a16b9fd"
	],
	"report_names": [
		"listgroups.cgi?u=1ccb210c-52fa-45a4-b6d6-861f8a16b9fd"
	],
	"threat_actors": [
		{
			"id": "27b56f48-7905-4da8-8d87-cea10adb1c6b",
			"created_at": "2022-10-25T16:07:24.044105Z",
			"updated_at": "2026-04-10T02:00:04.848898Z",
			"deleted_at": null,
			"main_name": "PassCV",
			"aliases": [],
			"source_name": "ETDA:PassCV",
			"tools": [
				"Agentemis",
				"AngryRebel",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"Excalibur",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"Kitkiot",
				"Moudour",
				"Mydoor",
				"NetWeird",
				"NetWire",
				"NetWire RAT",
				"NetWire RC",
				"NetWired RC",
				"PCRat",
				"RbDoor",
				"Recam",
				"RibDoor",
				"Sabresac",
				"Sensocode",
				"Winnti",
				"ZXShell",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "dda68b4f-a74a-42a0-b883-69c1dc1229a8",
			"created_at": "2023-01-06T13:46:38.528227Z",
			"updated_at": "2026-04-10T02:00:03.013713Z",
			"deleted_at": null,
			"main_name": "PassCV",
			"aliases": [],
			"source_name": "MISPGALAXY:PassCV",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434096,
	"ts_updated_at": 1775791976,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/36bfe0c444396b6e19baacb4eac32cb89c31c9fc.pdf",
		"text": "https://archive.orkl.eu/36bfe0c444396b6e19baacb4eac32cb89c31c9fc.txt",
		"img": "https://archive.orkl.eu/36bfe0c444396b6e19baacb4eac32cb89c31c9fc.jpg"
	}
}