{
	"id": "a00c9094-590f-4358-abae-9d0b69023584",
	"created_at": "2026-04-06T00:16:09.170047Z",
	"updated_at": "2026-04-10T03:22:11.368552Z",
	"deleted_at": null,
	"sha1_hash": "5146963004de0689091c7c22cfec570ae485de3d",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28916,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 14:05:46 UTC\r\nDescription: (Cofense) RedLine Stealer, first seen in 2020, is probably the most well-known stealer on this list. It\r\nuses Simple Object Access Protocol (SOAP) for communication with its command-and-control center and can use\r\na variety of plugins. It’s used to collect information from various installed programs including credentials stored in\r\nbrowsers, email applications, as well as cryptocurrency wallet data. RedLine Stealer is often associated with\r\nsophisticated phishing campaigns that, after a successful infection, can deliver additional payloads like\r\nransomware or more advanced malware.\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=20c23064-7901-44cf-a07c-fe528fa60ab9\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=20c23064-7901-44cf-a07c-fe528fa60ab9\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=20c23064-7901-44cf-a07c-fe528fa60ab9"
	],
	"report_names": [
		"listgroups.cgi?u=20c23064-7901-44cf-a07c-fe528fa60ab9"
	],
	"threat_actors": [],
	"ts_created_at": 1775434569,
	"ts_updated_at": 1775791331,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5146963004de0689091c7c22cfec570ae485de3d.pdf",
		"text": "https://archive.orkl.eu/5146963004de0689091c7c22cfec570ae485de3d.txt",
		"img": "https://archive.orkl.eu/5146963004de0689091c7c22cfec570ae485de3d.jpg"
	}
}