{
	"id": "98beb580-d8aa-497e-abf0-415d10c5ed79",
	"created_at": "2026-04-06T00:10:20.740373Z",
	"updated_at": "2026-04-10T03:34:28.241457Z",
	"deleted_at": null,
	"sha1_hash": "3afba27622b2ae4286a473e4dabac44a99d1f01e",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49353,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 15:11:17 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Zingdoor\r\n Tool: Zingdoor\r\nNames Zingdoor\r\nCategory Malware\r\nType Backdoor\r\nDescription\r\n(Trend Micro) Zingdoor is a new HTTP backdoor written in Go. While we first encountered\r\nZingdoor in April 2023, some logs indicate that the earliest developments of this backdoor\r\ntook place in June 2022. However, it had rarely been seen in the wild and had only been\r\nobserved being used in a limited number of victims, likely as a newly designed backdoor with\r\ncross-platform capabilities. Zingdoor is packed using UPX and heavily obfuscated by a custom\r\nobfuscator engine.\r\nInformation\r\n\u003chttps://www.trendmicro.com/en_us/research/23/h/earth-estries-targets-government-tech-for-cyberespionage.html\u003e\r\n\u003chttps://www.trendmicro.com/en_us/research/24/k/breaking-down-earth-estries-persistent-ttps-in-prolonged-cyber-o.html\u003e\r\nLast change to this tool card: 26 December 2024\r\nDownload this tool card in JSON format\r\nAll groups using tool Zingdoor\r\nChanged Name Country Observed\r\nAPT groups\r\n  Salt Typhoon, GhostEmperor 2020-Feb 2025\r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e67dd84e-f8cc-4d6e-8af0-e212c2c3cc38\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e67dd84e-f8cc-4d6e-8af0-e212c2c3cc38\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e67dd84e-f8cc-4d6e-8af0-e212c2c3cc38"
	],
	"report_names": [
		"listgroups.cgi?u=e67dd84e-f8cc-4d6e-8af0-e212c2c3cc38"
	],
	"threat_actors": [
		{
			"id": "f67fb5b3-b0d4-484c-943e-ebf12251eff6",
			"created_at": "2022-10-25T16:07:23.605611Z",
			"updated_at": "2026-04-10T02:00:04.685162Z",
			"deleted_at": null,
			"main_name": "FamousSparrow",
			"aliases": [
				"Earth Estries"
			],
			"source_name": "ETDA:FamousSparrow",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "f0eca237-f191-448f-87d1-5d6b3651cbff",
			"created_at": "2024-02-06T02:00:04.140087Z",
			"updated_at": "2026-04-10T02:00:03.577326Z",
			"deleted_at": null,
			"main_name": "GhostEmperor",
			"aliases": [
				"OPERATOR PANDA",
				"FamousSparrow",
				"UNC2286",
				"Salt Typhoon",
				"RedMike"
			],
			"source_name": "MISPGALAXY:GhostEmperor",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a09ade2a-6b87-4f9a-b4f8-23cf14f63633",
			"created_at": "2023-11-04T02:00:07.676869Z",
			"updated_at": "2026-04-10T02:00:03.389898Z",
			"deleted_at": null,
			"main_name": "Earth Estries",
			"aliases": [],
			"source_name": "MISPGALAXY:Earth Estries",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d390d62a-6e11-46e5-a16f-a88898a8e6ff",
			"created_at": "2024-12-28T02:01:54.899899Z",
			"updated_at": "2026-04-10T02:00:04.880446Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Earth Estries",
				"FamousSparrow",
				"GhostEmperor",
				"Operator Panda",
				"RedMike",
				"Salt Typhoon",
				"UNC2286"
			],
			"source_name": "ETDA:Salt Typhoon",
			"tools": [
				"Agentemis",
				"Backdr-NQ",
				"Cobalt Strike",
				"CobaltStrike",
				"Crowdoor",
				"Cryptmerlin",
				"Deed RAT",
				"Demodex",
				"FamousSparrow",
				"FuxosDoor",
				"GHOSTSPIDER",
				"HemiGate",
				"MASOL RAT",
				"Mimikatz",
				"NBTscan",
				"NinjaCopy",
				"ProcDump",
				"PsExec",
				"PsList",
				"SnappyBee",
				"SparrowDoor",
				"TrillClient",
				"WinRAR",
				"Zingdoor",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "fcff864b-9255-49cf-9d9b-2b9cb2ad7cff",
			"created_at": "2025-04-23T02:00:55.190165Z",
			"updated_at": "2026-04-10T02:00:05.361244Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Salt Typhoon"
			],
			"source_name": "MITRE:Salt Typhoon",
			"tools": [
				"JumbledPath"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6477a057-a76b-4b60-9135-b21ee075ca40",
			"created_at": "2025-11-01T02:04:53.060656Z",
			"updated_at": "2026-04-10T02:00:03.845594Z",
			"deleted_at": null,
			"main_name": "BRONZE TIGER",
			"aliases": [
				"Earth Estries ",
				"Famous Sparrow ",
				"Ghost Emperor ",
				"RedMike ",
				"Salt Typhoon "
			],
			"source_name": "Secureworks:BRONZE TIGER",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434220,
	"ts_updated_at": 1775792068,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3afba27622b2ae4286a473e4dabac44a99d1f01e.pdf",
		"text": "https://archive.orkl.eu/3afba27622b2ae4286a473e4dabac44a99d1f01e.txt",
		"img": "https://archive.orkl.eu/3afba27622b2ae4286a473e4dabac44a99d1f01e.jpg"
	}
}