{
	"id": "848c5d12-4dbb-4015-970d-34c77578e185",
	"created_at": "2026-04-06T00:09:08.599923Z",
	"updated_at": "2026-04-10T03:25:40.002768Z",
	"deleted_at": null,
	"sha1_hash": "395c3051dc75cbc29d3a3f7a1a9e99145cb3f9d3",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48413,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 16:49:05 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Nefilim\n Tool: Nefilim\nNames\nNefilim\nNephilim\nCategory Malware\nType Ransomware, Big Game Hunting\nDescription\n(Trend Micro) Nefilim is among the notable ransomware variants that use double\nextortion tactics in their campaigns. First discovered in March 2020, Nefilim threatens to\nrelease victims’ stolen data to coerce them into paying the ransom. Aside from its use of\nthis tactic, another notable characteristic of Nefilim is its similarity to Nemty; in fact, it is\nbelieved to be an evolved version of the older ransomware.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 24 April 2021\nDownload this tool card in JSON format\nAll groups using tool Nefilim\nChanged Name Country Observed\nAPT groups\n Traveling Spider [Unknown] 2019-Mar 2021\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3edfaff6-30ec-4abf-85de-56b4192e6a8c\nPage 1 of 2\n\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3edfaff6-30ec-4abf-85de-56b4192e6a8c\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3edfaff6-30ec-4abf-85de-56b4192e6a8c\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3edfaff6-30ec-4abf-85de-56b4192e6a8c"
	],
	"report_names": [
		"listgroups.cgi?u=3edfaff6-30ec-4abf-85de-56b4192e6a8c"
	],
	"threat_actors": [
		{
			"id": "8b7faa58-947b-4530-ab1f-250a0370aabf",
			"created_at": "2022-10-25T16:07:24.34248Z",
			"updated_at": "2026-04-10T02:00:04.945921Z",
			"deleted_at": null,
			"main_name": "Traveling Spider",
			"aliases": [
				"Gold Mansard"
			],
			"source_name": "ETDA:Traveling Spider",
			"tools": [
				"7-Zip",
				"AdFind",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Nefilim",
				"Nemty",
				"Nephilim",
				"Network Password Recovery",
				"PsExec",
				"smbtool"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "1c76f1b6-a05b-4dba-82ea-07011b47c6cd",
			"created_at": "2023-01-06T13:46:39.201507Z",
			"updated_at": "2026-04-10T02:00:03.244851Z",
			"deleted_at": null,
			"main_name": "TRAVELING SPIDER",
			"aliases": [],
			"source_name": "MISPGALAXY:TRAVELING SPIDER",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434148,
	"ts_updated_at": 1775791540,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/395c3051dc75cbc29d3a3f7a1a9e99145cb3f9d3.pdf",
		"text": "https://archive.orkl.eu/395c3051dc75cbc29d3a3f7a1a9e99145cb3f9d3.txt",
		"img": "https://archive.orkl.eu/395c3051dc75cbc29d3a3f7a1a9e99145cb3f9d3.jpg"
	}
}