{ "id": "f7984e0d-1628-4deb-aa0d-b975112f4356", "created_at": "2026-04-06T00:20:21.391566Z", "updated_at": "2026-04-10T13:12:38.602413Z", "deleted_at": null, "sha1_hash": "3be2482a0b08f49bccfdef8ff1e8606979c398b1", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 45461, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 19:45:26 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Cuba\r\n Tool: Cuba\r\nNames\r\nCuba\r\nCOLDDRAW\r\nCategory Malware\r\nType Ransomware\r\nDescription\r\nCuba is a Windows-based ransomware family that has been used against financial\r\ninstitutions, technology, and logistics organizations in North and South America as well\r\nas Europe since at least December 2019.\r\nInformation\r\n\u003chttps://www.cisa.gov/news-events/cybersecurity-advisories/aa22-335a\u003e\r\n\u003chttps://blogs.blackberry.com/en/2023/08/cuba-ransomware-deploys-new-tools-targets-critical-infrastructure-sector-in-the-usa-and-it-integrator-in-latin-america\u003e\r\nMITRE ATT\u0026CK \u003chttps://attack.mitre.org/software/S0625\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.cuba\u003e\r\nLast change to this tool card: 17 January 2024\r\nDownload this tool card in JSON format\r\nAll groups using tool Cuba\r\nChanged Name Country Observed\r\nAPT groups\r\n  Tropical Scorpius, RomCom 2019-Oct 2024  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8660efd3-763e-4f56-b8e2-c34b03582591\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8660efd3-763e-4f56-b8e2-c34b03582591\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8660efd3-763e-4f56-b8e2-c34b03582591" ], "report_names": [ "listgroups.cgi?u=8660efd3-763e-4f56-b8e2-c34b03582591" ], "threat_actors": [ { "id": "fecc0d5a-3654-425d-9290-b6d0b4105463", "created_at": "2023-10-17T02:00:08.330061Z", "updated_at": "2026-04-10T02:00:03.37711Z", "deleted_at": null, "main_name": "Void Rabisu", "aliases": [ "Tropical Scorpius" ], "source_name": "MISPGALAXY:Void Rabisu", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "555e2cac-931d-4ad4-8eaa-64df6451059d", "created_at": "2023-01-06T13:46:39.48103Z", "updated_at": "2026-04-10T02:00:03.342729Z", "deleted_at": null, "main_name": "RomCom", "aliases": [ "UAT-5647", "Storm-0978" ], "source_name": "MISPGALAXY:RomCom", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "d58052ba-978b-4775-985a-26ed8e64f98c", "created_at": "2023-09-07T02:02:48.069895Z", "updated_at": "2026-04-10T02:00:04.946879Z", "deleted_at": null, "main_name": "Tropical Scorpius", "aliases": [ "DEV-0978", "RomCom", "Storm-0671", "Storm-0978", "TA829", "Tropical Scorpius", "UAC-0180", "UNC2596", "Void Rabisu" ], "source_name": "ETDA:Tropical Scorpius", "tools": [ "COLDDRAW", "Cuba", "Industrial Spy", "PEAPOD", "ROMCOM", "ROMCOM RAT", "SingleCamper", "SnipBot" ], "source_id": "ETDA", "reports": null }, { "id": "4f56bb34-098d-43f6-a0e8-99616116c3ea", "created_at": "2024-06-19T02:03:08.048835Z", "updated_at": "2026-04-10T02:00:03.870819Z", "deleted_at": null, "main_name": "GOLD FLAMINGO", "aliases": [ "REF9019 ", "Tropical Scorpius ", "UAC-0132 ", "UAC0132 ", "UNC2596 ", "Void Rabisu " ], "source_name": "Secureworks:GOLD FLAMINGO", "tools": [ "Chanitor", "Cobalt Strike", "Cuba", "Meterpreter", "Mimikatz", "ROMCOM RAT" ], "source_id": "Secureworks", "reports": null } ], "ts_created_at": 1775434821, "ts_updated_at": 1775826758, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/3be2482a0b08f49bccfdef8ff1e8606979c398b1.pdf", "text": "https://archive.orkl.eu/3be2482a0b08f49bccfdef8ff1e8606979c398b1.txt", "img": "https://archive.orkl.eu/3be2482a0b08f49bccfdef8ff1e8606979c398b1.jpg" } }