{
	"id": "b8e504a2-0138-4f36-9471-55fee911dd93",
	"created_at": "2026-04-06T00:06:10.377Z",
	"updated_at": "2026-04-10T03:30:57.867926Z",
	"deleted_at": null,
	"sha1_hash": "5375dc1a0f8344f5bf7e4840e33384b488cee096",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46530,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 19:47:46 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool SweetPotato\r\n Tool: SweetPotato\r\nNames SweetPotato\r\nCategory Exploits\r\nDescription No description available yet.\r\nLast change to this tool card: 17 February 2023\r\nDownload this tool card in JSON format\r\nAll groups using tool SweetPotato\r\nChanged Name Country Observed\r\nAPT groups\r\n  Dalbit 2022  \r\n  Gelsemium 2014-2023  \r\n  Operation Silent Skimmer [Unknown] 2022  \r\n3 groups listed (3 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=81685159-0533-4739-8576-35d8f0a3161b\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=81685159-0533-4739-8576-35d8f0a3161b\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=81685159-0533-4739-8576-35d8f0a3161b"
	],
	"report_names": [
		"listgroups.cgi?u=81685159-0533-4739-8576-35d8f0a3161b"
	],
	"threat_actors": [
		{
			"id": "2d4d2356-8f9e-464d-afc6-2403ce8cf424",
			"created_at": "2023-01-06T13:46:39.290101Z",
			"updated_at": "2026-04-10T02:00:03.275981Z",
			"deleted_at": null,
			"main_name": "Gelsemium",
			"aliases": [
				"狼毒草"
			],
			"source_name": "MISPGALAXY:Gelsemium",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "77874718-7ad2-4d15-9831-10935ab9bcbe",
			"created_at": "2022-10-25T15:50:23.619911Z",
			"updated_at": "2026-04-10T02:00:05.349462Z",
			"deleted_at": null,
			"main_name": "Gelsemium",
			"aliases": [
				"Gelsemium"
			],
			"source_name": "MITRE:Gelsemium",
			"tools": [
				"Gelsemium",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "ad98b6a9-78aa-4375-81c2-55ce04626812",
			"created_at": "2023-10-14T02:03:14.382189Z",
			"updated_at": "2026-04-10T02:00:04.836992Z",
			"deleted_at": null,
			"main_name": "Operation Silent Skimmer",
			"aliases": [],
			"source_name": "ETDA:Operation Silent Skimmer",
			"tools": [
				"Agentemis",
				"BadPotato",
				"Cobalt Strike",
				"CobaltStrike",
				"GodPotato",
				"Godzilla",
				"Godzilla Loader",
				"JuicyPotato",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"PowerShell RAT",
				"SharpToken",
				"SweetPotato",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "bcf899bb-34bb-43e1-929d-02bc91974f2a",
			"created_at": "2023-02-18T02:04:24.050644Z",
			"updated_at": "2026-04-10T02:00:04.639142Z",
			"deleted_at": null,
			"main_name": "Dalbit",
			"aliases": [],
			"source_name": "ETDA:Dalbit",
			"tools": [
				"ASPXSpy",
				"ASPXTool",
				"Agentemis",
				"AntSword",
				"BadPotato",
				"BlueShell",
				"CHINACHOPPER",
				"China Chopper",
				"Cobalt Strike",
				"CobaltStrike",
				"EFSPotato",
				"FRP",
				"Fast Reverse Proxy",
				"Godzilla",
				"Godzilla Loader",
				"HTran",
				"HUC Packet Transmit Tool",
				"JuicyPotato",
				"LadonGo",
				"Metasploit",
				"Mimikatz",
				"NPS",
				"ProcDump",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"RottenPotato",
				"SinoChopper",
				"SweetPotato",
				"cobeacon",
				"reGeorg"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b5550c4e-943a-45ea-bf67-875b989ee4c4",
			"created_at": "2022-10-25T16:07:23.675771Z",
			"updated_at": "2026-04-10T02:00:04.707782Z",
			"deleted_at": null,
			"main_name": "Gelsemium",
			"aliases": [
				"Operation NightScout",
				"Operation TooHash"
			],
			"source_name": "ETDA:Gelsemium",
			"tools": [
				"ASPXSpy",
				"ASPXTool",
				"Agentemis",
				"BadPotato",
				"CHINACHOPPER",
				"China Chopper",
				"Chrommme",
				"Cobalt Strike",
				"CobaltStrike",
				"FireWood",
				"Gelsemine",
				"Gelsenicine",
				"Gelsevirine",
				"JuicyPotato",
				"OwlProxy",
				"Owowa",
				"SAMRID",
				"SessionManager",
				"SinoChopper",
				"SpoolFool",
				"SweetPotato",
				"WolfsBane",
				"cobeacon",
				"reGeorg"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "7cf4ec85-806f-4fd7-855a-6669ed381bf5",
			"created_at": "2023-11-08T02:00:07.176033Z",
			"updated_at": "2026-04-10T02:00:03.435082Z",
			"deleted_at": null,
			"main_name": "Dalbit",
			"aliases": [],
			"source_name": "MISPGALAXY:Dalbit",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775433970,
	"ts_updated_at": 1775791857,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5375dc1a0f8344f5bf7e4840e33384b488cee096.pdf",
		"text": "https://archive.orkl.eu/5375dc1a0f8344f5bf7e4840e33384b488cee096.txt",
		"img": "https://archive.orkl.eu/5375dc1a0f8344f5bf7e4840e33384b488cee096.jpg"
	}
}