{ "id": "72de748c-3582-4a10-912e-24e342d548ed", "created_at": "2026-04-06T00:14:46.332347Z", "updated_at": "2026-04-10T03:37:19.354178Z", "deleted_at": null, "sha1_hash": "487dc92f52f90f844f8bb38b2c92fd894470c21b", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 47454, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 15:26:50 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool ZeGhost\r\n Tool: ZeGhost\r\nNames\r\nZeGhost\r\nBackDoor-FBZT!52D84425CDF2\r\nTrojan.Win32.Staser.ytq\r\nWin32/Zegost.BW\r\nCategory Tools\r\nType Backdoor\r\nDescription ZeGhots is a RAT which was freely available and first released in 2014.\r\nInformation\r\n\u003chttps://www.slideshare.net/CrowdStrike/crowd-casts-monthly-you-have-an-adversary-problem\u003e\r\nLast change to this tool card: 20 April 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool ZeGhost\r\nChanged Name Country Observed\r\nAPT groups\r\n  Goblin Panda, Cycldek, Conimes 2013-Jun 2020  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f5e886be-876b-4eb1-b7a7-23d19d5dc8af\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f5e886be-876b-4eb1-b7a7-23d19d5dc8af\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f5e886be-876b-4eb1-b7a7-23d19d5dc8af" ], "report_names": [ "listgroups.cgi?u=f5e886be-876b-4eb1-b7a7-23d19d5dc8af" ], "threat_actors": [ { "id": "7d553b83-a7b2-431f-9bc9-08da59f3c4ea", "created_at": "2023-01-06T13:46:39.444946Z", "updated_at": "2026-04-10T02:00:03.331753Z", "deleted_at": null, "main_name": "GOBLIN PANDA", "aliases": [ "Conimes", "Cycldek" ], "source_name": "MISPGALAXY:GOBLIN PANDA", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "2c7ecb0e-337c-478f-95d4-7dbe9ba44c39", "created_at": "2022-10-25T16:07:23.690871Z", "updated_at": "2026-04-10T02:00:04.709966Z", "deleted_at": null, "main_name": "Goblin Panda", "aliases": [ "1937CN", "Conimes", "Cycldek", "Goblin Panda" ], "source_name": "ETDA:Goblin Panda", "tools": [ "8.t Dropper", "8.t RTF exploit builder", "8t_dropper", "Agent.dhwf", "BackDoor-FBZT!52D84425CDF2", "BlueCore", "BrowsingHistoryView", "ChromePass", "CoreLoader", "Custom HDoor", "Destroy RAT", "DestroyRAT", "DropPhone", "FoundCore", "HDoor", "HTTPTunnel", "JsonCookies", "Kaba", "Korplug", "LOLBAS", "LOLBins", "Living off the Land", "NBTscan", "NewCore RAT", "PlugX", "ProcDump", "PsExec", "QCRat", "RainyDay", "RedCore", "RedDelta", "RoyalRoad", "Sisfader", "Sisfader RAT", "Sogu", "TIGERPLUG", "TVT", "Thoper", "Trojan.Win32.Staser.ytq", "USBCulprit", "Win32/Zegost.BW", "Xamtrav", "ZeGhost", "nbtscan" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434486, "ts_updated_at": 1775792239, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/487dc92f52f90f844f8bb38b2c92fd894470c21b.pdf", "text": "https://archive.orkl.eu/487dc92f52f90f844f8bb38b2c92fd894470c21b.txt", "img": "https://archive.orkl.eu/487dc92f52f90f844f8bb38b2c92fd894470c21b.jpg" } }