{
	"id": "71c90181-b645-4743-9880-ebcd8a8b98a1",
	"created_at": "2026-04-06T01:29:12.903608Z",
	"updated_at": "2026-04-10T03:26:48.482705Z",
	"deleted_at": null,
	"sha1_hash": "46e12ffe30229330cf94a78a3a7efa3b0d9d43d0",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49525,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 00:49:07 UTC\nTool: GoldenRAT\nNames GoldenRAT\nCategory Malware\nType Reconnaissance, Backdoor, Info stealer, Exfiltration\nDescription\n(Qihoo 360) After analysing the backdoor script, as mentioned earlier, we found that this is a\nclassic backdoor that has been circulating on the network for a long time. Features include\ngetting system information and uploading, setting up scheduled tasks, downloading files,\nexecuting shell commands, deleting files, ending processes, traversing file drivers and\nprocesses, and more.\nInformation Malpedia Last change to this tool card: 23 April 2020\nAll groups using tool GoldenRAT\nChanged Name Country Observed\nAPT groups\n ↳ Subgroup: Goldmouse, APT-C-27 2014\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=783107ec-299d-4a11-a852-9118dcc37eea",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=783107ec-299d-4a11-a852-9118dcc37eea"
	],
	"report_names": [
		"listgroups.cgi?u=783107ec-299d-4a11-a852-9118dcc37eea"
	],
	"threat_actors": [
		{
			"id": "c2cc9aa5-1853-4de1-8849-cb3f28c7728e",
			"created_at": "2022-10-25T16:07:24.256045Z",
			"updated_at": "2026-04-10T02:00:04.912815Z",
			"deleted_at": null,
			"main_name": "Goldmouse",
			"aliases": [
				"APT-C-27",
				"ATK 80",
				"Golden Rat",
				"Goldmouse"
			],
			"source_name": "ETDA:Goldmouse",
			"tools": [
				"Bladabindi",
				"GoldenRAT",
				"Jorik",
				"njRAT"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "2c385a7d-0217-46d8-a451-29ac6fe58aaf",
			"created_at": "2023-01-06T13:46:38.937468Z",
			"updated_at": "2026-04-10T02:00:03.151838Z",
			"deleted_at": null,
			"main_name": "APT-C-27",
			"aliases": [
				"Golden RAT",
				"ATK80",
				"GoldMouse"
			],
			"source_name": "MISPGALAXY:APT-C-27",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775438952,
	"ts_updated_at": 1775791608,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/46e12ffe30229330cf94a78a3a7efa3b0d9d43d0.pdf",
		"text": "https://archive.orkl.eu/46e12ffe30229330cf94a78a3a7efa3b0d9d43d0.txt",
		"img": "https://archive.orkl.eu/46e12ffe30229330cf94a78a3a7efa3b0d9d43d0.jpg"
	}
}