{
	"id": "ede6d37a-5dad-4c75-8fa1-f7cde325a392",
	"created_at": "2026-04-06T00:11:18.098874Z",
	"updated_at": "2026-04-10T13:11:42.498821Z",
	"deleted_at": null,
	"sha1_hash": "376ce859336dd02e464ec07934a4a1a067dc6c5b",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45498,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:36:19 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool BitterRAT\n Tool: BitterRAT\nNames\nBitterRAT\nBitter RAT\nCategory Malware\nType Backdoor\nDescription\n(Forcepoint) BITTER used free dynamic DNS (DDNS) and dedicated server hosting services\nin order to set up their C2s. The download sites from which the exploit documents download the\nRAT binaries are, in most cases, different from the actual RAT C2. However, both of them are\ntypically registered using a Gmail email address and a spoofed identity purporting to be from either\nthe United Kingdom or Great Britain.\nInformation\nMalpedia\nLast change to this tool card: 28 December 2022\nDownload this tool card in JSON format\nAll groups using tool BitterRAT\nChanged Name Country Observed\nAPT groups\n Bitter [South Asia] 2013-Nov 2024\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0e7f29c9-7c63-432a-aeb0-441aec1d43e4\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0e7f29c9-7c63-432a-aeb0-441aec1d43e4\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0e7f29c9-7c63-432a-aeb0-441aec1d43e4"
	],
	"report_names": [
		"listgroups.cgi?u=0e7f29c9-7c63-432a-aeb0-441aec1d43e4"
	],
	"threat_actors": [
		{
			"id": "655f7d0b-7ea6-4950-b272-969ab7c27a4b",
			"created_at": "2022-10-27T08:27:13.133291Z",
			"updated_at": "2026-04-10T02:00:05.315213Z",
			"deleted_at": null,
			"main_name": "BITTER",
			"aliases": [
				"T-APT-17"
			],
			"source_name": "MITRE:BITTER",
			"tools": [
				"ZxxZ"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "bf6cb670-bb69-473f-a220-97ac713fd081",
			"created_at": "2022-10-25T16:07:23.395205Z",
			"updated_at": "2026-04-10T02:00:04.578924Z",
			"deleted_at": null,
			"main_name": "Bitter",
			"aliases": [
				"G1002",
				"T-APT-17",
				"TA397"
			],
			"source_name": "ETDA:Bitter",
			"tools": [
				"Artra Downloader",
				"ArtraDownloader",
				"Bitter RAT",
				"BitterRAT",
				"Dracarys"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434278,
	"ts_updated_at": 1775826702,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/376ce859336dd02e464ec07934a4a1a067dc6c5b.pdf",
		"text": "https://archive.orkl.eu/376ce859336dd02e464ec07934a4a1a067dc6c5b.txt",
		"img": "https://archive.orkl.eu/376ce859336dd02e464ec07934a4a1a067dc6c5b.jpg"
	}
}