{ "id": "bc110ae1-2000-4ce5-b52e-4a369fc82554", "created_at": "2026-04-06T00:11:24.769837Z", "updated_at": "2026-04-10T13:11:53.951099Z", "deleted_at": null, "sha1_hash": "3966901c6ecabe8685904fe525bb8c2770820668", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 47119, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 22:01:57 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool ROMCOM RAT\n Tool: ROMCOM RAT\nNames\nROMCOM RAT\nROMCOM\nPEAPOD\nSingleCamper\nSnipBot\nCategory Malware\nType Backdoor\nDescription\n(BlackBerry) Earlier versions of RomCom RAT were distributed via fake websites spoofing\nthe legitimate 'Advanced IP Scanner' application website.\nInformation\nMalpedia Last change to this tool card: 27 December 2024\nDownload this tool card in JSON format\nAll groups using tool ROMCOM RAT\nChanged Name Country Observed\nAPT groups\n Tropical Scorpius, RomCom 2019-Oct 2024\n1 group listed (1 APT, 0 other, 0 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6ceba00e-bd46-422c-b2c7-1e148a71b830\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6ceba00e-bd46-422c-b2c7-1e148a71b830\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6ceba00e-bd46-422c-b2c7-1e148a71b830\r\nPage 2 of 2\n\nAPT groups Tropical Scorpius, RomCom 2019-Oct 2024 \n1 group listed (1 APT, 0 other, 0 unknown) \n Page 1 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=6ceba00e-bd46-422c-b2c7-1e148a71b830" ], "report_names": [ "listgroups.cgi?u=6ceba00e-bd46-422c-b2c7-1e148a71b830" ], "threat_actors": [ { "id": "fecc0d5a-3654-425d-9290-b6d0b4105463", "created_at": "2023-10-17T02:00:08.330061Z", "updated_at": "2026-04-10T02:00:03.37711Z", "deleted_at": null, "main_name": "Void Rabisu", "aliases": [ "Tropical Scorpius" ], "source_name": "MISPGALAXY:Void Rabisu", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "555e2cac-931d-4ad4-8eaa-64df6451059d", "created_at": "2023-01-06T13:46:39.48103Z", "updated_at": "2026-04-10T02:00:03.342729Z", "deleted_at": null, "main_name": "RomCom", "aliases": [ "UAT-5647", "Storm-0978" ], "source_name": "MISPGALAXY:RomCom", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "d58052ba-978b-4775-985a-26ed8e64f98c", "created_at": "2023-09-07T02:02:48.069895Z", "updated_at": "2026-04-10T02:00:04.946879Z", "deleted_at": null, "main_name": "Tropical Scorpius", "aliases": [ "DEV-0978", "RomCom", "Storm-0671", "Storm-0978", "TA829", "Tropical Scorpius", "UAC-0180", "UNC2596", "Void Rabisu" ], "source_name": "ETDA:Tropical Scorpius", "tools": [ "COLDDRAW", "Cuba", "Industrial Spy", "PEAPOD", "ROMCOM", "ROMCOM RAT", "SingleCamper", "SnipBot" ], "source_id": "ETDA", "reports": null }, { "id": "4f56bb34-098d-43f6-a0e8-99616116c3ea", "created_at": "2024-06-19T02:03:08.048835Z", "updated_at": "2026-04-10T02:00:03.870819Z", "deleted_at": null, "main_name": "GOLD FLAMINGO", "aliases": [ "REF9019 ", "Tropical Scorpius ", "UAC-0132 ", "UAC0132 ", "UNC2596 ", "Void Rabisu " ], "source_name": "Secureworks:GOLD FLAMINGO", "tools": [ "Chanitor", "Cobalt Strike", "Cuba", "Meterpreter", "Mimikatz", "ROMCOM RAT" ], "source_id": "Secureworks", "reports": null } ], "ts_created_at": 1775434284, "ts_updated_at": 1775826713, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/3966901c6ecabe8685904fe525bb8c2770820668.pdf", "text": "https://archive.orkl.eu/3966901c6ecabe8685904fe525bb8c2770820668.txt", "img": "https://archive.orkl.eu/3966901c6ecabe8685904fe525bb8c2770820668.jpg" } }