{
	"id": "d9052812-dd8b-449a-b93d-4d7a53b3db73",
	"created_at": "2026-04-06T01:30:48.27384Z",
	"updated_at": "2026-04-10T03:33:13.971868Z",
	"deleted_at": null,
	"sha1_hash": "3fb86e5ee26bf40e1a65ab919cc7f4eac2a6e403",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44360,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 01:03:06 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool PowerPepper\n Tool: PowerPepper\nNames PowerPepper\nCategory Malware\nType Backdoor\nDescription\n(Kaspersky) PowerPepper is a Windows in-memory PowerShell backdoor that can execute\nremotely sent shell commands. In strict accordance with DeathStalker’s traditions, the implant\nwill try to evade detection or sandboxes execution with various tricks such as detecting mouse\nmovements, filtering the client’s MAC addresses, and adapting its execution flow depending\non detected antivirus products.\nInformation Malpedia Last change to this tool card: 24 April 2021\nDownload this tool card in JSON format\nAll groups using tool PowerPepper\nChanged Name Country Observed\nAPT groups\n Deceptikons, DeathStalker [Unknown] 2012-Jun 2020\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5eb26475-f51f-4968-adff-5d54c103f96c\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5eb26475-f51f-4968-adff-5d54c103f96c\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5eb26475-f51f-4968-adff-5d54c103f96c"
	],
	"report_names": [
		"listgroups.cgi?u=5eb26475-f51f-4968-adff-5d54c103f96c"
	],
	"threat_actors": [
		{
			"id": "f7aa6029-2b01-4eee-8fe6-287330e087c9",
			"created_at": "2022-10-25T16:07:23.536763Z",
			"updated_at": "2026-04-10T02:00:04.646542Z",
			"deleted_at": null,
			"main_name": "Deceptikons",
			"aliases": [
				"DeathStalker",
				"Deceptikons"
			],
			"source_name": "ETDA:Deceptikons",
			"tools": [
				"EVILNUM",
				"Evilnum",
				"Janicab",
				"PowerPepper",
				"Powersing",
				"VileRAT"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "8ce861d7-7fbd-4d9c-a211-367c118bfdbd",
			"created_at": "2023-01-06T13:46:39.153487Z",
			"updated_at": "2026-04-10T02:00:03.232006Z",
			"deleted_at": null,
			"main_name": "Evilnum",
			"aliases": [
				"EvilNum",
				"Jointworm",
				"KNOCKOUT SPIDER",
				"DeathStalker",
				"TA4563"
			],
			"source_name": "MISPGALAXY:Evilnum",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775439048,
	"ts_updated_at": 1775791993,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3fb86e5ee26bf40e1a65ab919cc7f4eac2a6e403.pdf",
		"text": "https://archive.orkl.eu/3fb86e5ee26bf40e1a65ab919cc7f4eac2a6e403.txt",
		"img": "https://archive.orkl.eu/3fb86e5ee26bf40e1a65ab919cc7f4eac2a6e403.jpg"
	}
}