{
	"id": "007ac380-bdca-479a-b848-515bc41e91c9",
	"created_at": "2026-04-06T00:06:10.605244Z",
	"updated_at": "2026-04-10T03:21:14.511437Z",
	"deleted_at": null,
	"sha1_hash": "4c2570cda8c8a7b9835bf8e8c4302880eb532e4c",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45034,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 16:18:05 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool RURansom\r\n Tool: RURansom\r\nNames RURansom\r\nCategory Malware\r\nType Wiper\r\nDescription\r\n(TrendMicro) On March 1, a tweet from MalwareHunterTeam about a possible ransomware\r\nvariant caught our attention and set our immediate analysis into motion. We found several\r\nadditional samples of this malware, which has been dubbed as “RURansom” by its developer.\r\nDespite its name, analysis has revealed it to be a wiper and not a ransomware variant because\r\nof its irreversible destruction of encrypted files.\r\nInformation\r\n\u003chttps://www.trendmicro.com/en_us/research/22/c/new-ruransom-wiper-targets-russia.html\u003e\r\n\u003chttps://twitter.com/malwrhunterteam/status/1498678603613155343\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.ruransom\u003e\r\nLast change to this tool card: 30 June 2025\r\nDownload this tool card in JSON format\r\nAll groups using tool RURansom\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3fe383d0-0ca5-4a98-8230-4d2c63dcaa49\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3fe383d0-0ca5-4a98-8230-4d2c63dcaa49\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3fe383d0-0ca5-4a98-8230-4d2c63dcaa49"
	],
	"report_names": [
		"listgroups.cgi?u=3fe383d0-0ca5-4a98-8230-4d2c63dcaa49"
	],
	"threat_actors": [],
	"ts_created_at": 1775433970,
	"ts_updated_at": 1775791274,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4c2570cda8c8a7b9835bf8e8c4302880eb532e4c.pdf",
		"text": "https://archive.orkl.eu/4c2570cda8c8a7b9835bf8e8c4302880eb532e4c.txt",
		"img": "https://archive.orkl.eu/4c2570cda8c8a7b9835bf8e8c4302880eb532e4c.jpg"
	}
}