{ "id": "3886c04b-0887-4f33-999b-74eb7d7111b6", "created_at": "2026-04-06T00:10:11.748108Z", "updated_at": "2026-04-10T13:12:41.498726Z", "deleted_at": null, "sha1_hash": "3c7594c205786562d4eb45cb3507cbb30a1333c5", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 57685, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 21:47:30 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool GolfSpy\r\n Tool: GolfSpy\r\nNames GolfSpy\r\nCategory Malware\r\nType Reconnaissance, Info stealer, Exfiltration\r\nDescription\r\n(Trend Micro) Given GolfSpy’s information-stealing capabilities, this malware can\r\neffectively hijack an infected Android device. Here is a list of information that GolfSpy\r\nsteals:\r\n• Device accounts\r\n• List of applications installed in the device\r\n• Device’s current running processes\r\n• Battery status\r\n• Bookmarks/Histories of the device’s default browser\r\n• Call logs and records\r\n• Clipboard contents\r\n• Contacts, including those in VCard format\r\n• Mobile operator information\r\n• Files stored on SDcard\r\n• Device location\r\n• List of image, audio, and video files stored on the device\r\n• Storage and memory information\r\n• Connection information\r\n• Sensor information\r\n• SMS messages\r\n• Pictures\r\nGolfSpy also has a function that lets it connect to a remote server to fetch and perform\r\ncommands, including: searching for, listing, deleting, and renaming files as well as\r\ndownloading a file into and retrieving a file from the device; taking screenshots;\r\ninstalling other application packages (APK); recording audio and video; and updating\r\nthe malware.\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fdd7d92f-6189-40cb-974d-66f655620429\r\nPage 1 of 2\n\nInformation\nMITRE ATT\u0026CK Last change to this tool card: 31 December 2022\nDownload this tool card in JSON format\nAll groups using tool GolfSpy\nChanged Name Country Observed\nAPT groups\n Domestic Kitten 2016-Oct 2022\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fdd7d92f-6189-40cb-974d-66f655620429\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fdd7d92f-6189-40cb-974d-66f655620429\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fdd7d92f-6189-40cb-974d-66f655620429" ], "report_names": [ "listgroups.cgi?u=fdd7d92f-6189-40cb-974d-66f655620429" ], "threat_actors": [ { "id": "44d5df14-6a25-41d6-a54c-7c7ebac358cf", "created_at": "2023-01-06T13:46:38.817312Z", "updated_at": "2026-04-10T02:00:03.111227Z", "deleted_at": null, "main_name": "Domestic Kitten", "aliases": [ "Bouncing Golf", "APT-C-50" ], "source_name": "MISPGALAXY:Domestic Kitten", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "30f6ddb3-f5aa-4b78-a1a5-e37c42b2c560", "created_at": "2022-10-25T16:07:23.544297Z", "updated_at": "2026-04-10T02:00:04.64999Z", "deleted_at": null, "main_name": "Domestic Kitten", "aliases": [ "APT-C-50", "Bouncing Golf", "G0097" ], "source_name": "ETDA:Domestic Kitten", "tools": [ "FurBall", "GolfSpy" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434211, "ts_updated_at": 1775826761, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/3c7594c205786562d4eb45cb3507cbb30a1333c5.pdf", "text": "https://archive.orkl.eu/3c7594c205786562d4eb45cb3507cbb30a1333c5.txt", "img": "https://archive.orkl.eu/3c7594c205786562d4eb45cb3507cbb30a1333c5.jpg" } }