{ "id": "ccfb366b-32ac-4ccc-b19f-18427b692c4d", "created_at": "2026-04-06T00:15:04.249714Z", "updated_at": "2026-04-10T03:33:51.924885Z", "deleted_at": null, "sha1_hash": "5624d6486be1981bf195b01849e8260d0613e96d", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 60295, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-02 11:11:12 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Remsec\n Tool: Remsec\nNames\nRemsec\nBackdoor.Remsec\nProjectSauron\nCategory Malware\nType Backdoor, Info stealer, Exfiltration, Tunneling\nDescription\n(Kaspersky) Remsec is particularly interested in gaining access to encrypted\ncommunications, hunting them down using an advanced modular cyber-espionage\nplatform that incorporates a set of unique tools and techniques. The most noteworthy\nfeature of Remsec’s tactics is the deliberate avoidance of patterns: Remsec customizes\nits implants and infrastructure for each individual target, and never reuses them. This\napproach, coupled with multiple routes for the exfiltration of stolen data, such as\nlegitimate email channels and DNS, enables Remsec to conduct secretive, long-term\nspying campaigns in target networks.\nRemsec gives the impression of being an experienced and traditional actor that has put\nconsiderable effort into learning from other extremely advanced actors, including Duqu,\nFlame, Equation and Regin; adopting some of their most innovative techniques and\nimproving on their tactics in order to remain undiscovered.\nInformation\nMITRE ATT\u0026CK Malpedia AlienVault OTX Last change to this tool card: 30 December 2022\nDownload this tool card in JSON format\nAll groups using tool Remsec\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3f13e218-95a3-47bd-935f-0e195bdb1779\nPage 1 of 2\n\nChanged Name Country Observed\r\nAPT groups\r\n  Strider, ProjectSauron 2011  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3f13e218-95a3-47bd-935f-0e195bdb1779\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3f13e218-95a3-47bd-935f-0e195bdb1779\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3f13e218-95a3-47bd-935f-0e195bdb1779" ], "report_names": [ "listgroups.cgi?u=3f13e218-95a3-47bd-935f-0e195bdb1779" ], "threat_actors": [ { "id": "b740943a-da51-4133-855b-df29822531ea", "created_at": "2022-10-25T15:50:23.604126Z", "updated_at": "2026-04-10T02:00:05.259593Z", "deleted_at": null, "main_name": "Equation", "aliases": [ "Equation" ], "source_name": "MITRE:Equation", "tools": null, "source_id": "MITRE", "reports": null }, { "id": "99845f58-2c39-46f7-8369-bb621ebb7002", "created_at": "2022-10-25T16:07:24.238844Z", "updated_at": "2026-04-10T02:00:04.90851Z", "deleted_at": null, "main_name": "Strider", "aliases": [ "G0041", "ProjectSauron" ], "source_name": "ETDA:Strider", "tools": [ "Backdoor.Remsec", "ProjectSauron", "Remsec" ], "source_id": "ETDA", "reports": null }, { "id": "c1ac2a5e-0225-47a4-8ac5-5fa898c96bde", "created_at": "2023-01-06T13:46:38.472883Z", "updated_at": "2026-04-10T02:00:02.989134Z", "deleted_at": null, "main_name": "ProjectSauron", "aliases": [ "Sauron", "Project Sauron", "G0041" ], "source_name": "MISPGALAXY:ProjectSauron", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "a0d369c1-f0b7-4c70-a3a5-77aabbd17979", "created_at": "2022-10-25T15:50:23.311311Z", "updated_at": "2026-04-10T02:00:05.407733Z", "deleted_at": null, "main_name": "Strider", "aliases": [ "ProjectSauron" ], "source_name": "MITRE:Strider", "tools": [ "Remsec" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434504, "ts_updated_at": 1775792031, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/5624d6486be1981bf195b01849e8260d0613e96d.pdf", "text": "https://archive.orkl.eu/5624d6486be1981bf195b01849e8260d0613e96d.txt", "img": "https://archive.orkl.eu/5624d6486be1981bf195b01849e8260d0613e96d.jpg" } }