{
	"id": "4e677973-94c4-41c1-970a-ce20243aca30",
	"created_at": "2026-04-06T00:21:20.436697Z",
	"updated_at": "2026-04-10T03:34:41.438273Z",
	"deleted_at": null,
	"sha1_hash": "542b45b7d7c81d4e635b7d933279e4c7085de575",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47029,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 14:27:19 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool VenomRAT\n Tool: VenomRAT\nNames VenomRAT\nCategory Malware\nType Reconnaissance, Backdoor, Tunneling\nDescription\n(CloudSEK) VenomRAT is a remote access tool discovered by 2020, and it is used by threat\nactors to control the infected systems remotely.\nVenomRAT is a clone of QuasarRAT.\nInformation\nLast change to this tool card: 27 June 2025\nDownload this tool card in JSON format\nAll groups using tool VenomRAT\nChanged Name Country Observed\nAPT groups\n OPERA1ER [Unknown] 2016-Jul 2023\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2fbea6de-6e6f-417c-ab06-cca0df34ea90\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2fbea6de-6e6f-417c-ab06-cca0df34ea90\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2fbea6de-6e6f-417c-ab06-cca0df34ea90"
	],
	"report_names": [
		"listgroups.cgi?u=2fbea6de-6e6f-417c-ab06-cca0df34ea90"
	],
	"threat_actors": [
		{
			"id": "11c69e3d-a740-4a70-abd3-158ac0375452",
			"created_at": "2023-01-06T13:46:39.29608Z",
			"updated_at": "2026-04-10T02:00:03.27813Z",
			"deleted_at": null,
			"main_name": "Common Raven",
			"aliases": [
				"NXSMS",
				"DESKTOP-GROUP",
				"OPERA1ER"
			],
			"source_name": "MISPGALAXY:Common Raven",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a1071a25-d7c1-41be-a97f-2ec1b167ceb0",
			"created_at": "2023-02-18T02:04:24.365926Z",
			"updated_at": "2026-04-10T02:00:04.792271Z",
			"deleted_at": null,
			"main_name": "OPERA1ER",
			"aliases": [
				"Common Raven",
				"DESKTOP-GROUP",
				"NXSMS",
				"Operation Nervone"
			],
			"source_name": "ETDA:OPERA1ER",
			"tools": [
				"AgenTesla",
				"Agent Tesla",
				"AgentTesla",
				"Agentemis",
				"BitRAT",
				"BlackNET RAT",
				"Cobalt Strike",
				"CobaltStrike",
				"Kasidet",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Metasploit",
				"Negasteal",
				"NetWeird",
				"NetWire",
				"NetWire RAT",
				"NetWire RC",
				"NetWired RC",
				"Neutrino Bot",
				"Neutrino Exploit Kit",
				"Ngrok",
				"Origin Logger",
				"PsExec",
				"RDPWrap",
				"Recam",
				"Remcos",
				"RemcosRAT",
				"Remvio",
				"Revealer Keylogger",
				"Socmer",
				"VenomRAT",
				"ZPAQ",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434880,
	"ts_updated_at": 1775792081,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/542b45b7d7c81d4e635b7d933279e4c7085de575.pdf",
		"text": "https://archive.orkl.eu/542b45b7d7c81d4e635b7d933279e4c7085de575.txt",
		"img": "https://archive.orkl.eu/542b45b7d7c81d4e635b7d933279e4c7085de575.jpg"
	}
}