{
	"id": "e1d581f9-eccf-488c-a928-13ccfe60b969",
	"created_at": "2026-04-06T00:19:58.423308Z",
	"updated_at": "2026-04-10T03:35:17.515588Z",
	"deleted_at": null,
	"sha1_hash": "58651606eb6ad8abd01b7c1ebd08fb55a33d82ef",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43642,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 17:07:24 UTC\nAPT group: Gallmaker\nNames:\nGallmaker (Symantec)\nG0084 (MITRE)\nCountry: [Unknown]\nMotivation: Information theft and espionage\nFirst seen: 2017\nDescription:\n(Symantec) Symantec researchers have uncovered a previously unknown attack group that is targeting government and military targets, including several overseas embassies of an Eastern European country, and military and defense targets in the Middle East. This group eschews custom malware and uses living off the land (LotL) tactics and publicly available hack tools to carry out activities that bear all the hallmarks of a cyber espionage campaign.\nThe group, which we have given the name Gallmaker, has been operating since at least December 2017, with its most recent activity observed in June 2018.\nObserved:\nSectors: Defense, Embassies, Government.\nCountries: Eastern Europe and Middle East.\nTools used: Living off the Land.\nInformation: MITRE ATT\u0026CK\nLast change to this card: 16 August 2025\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=dafbb134-1652-4444-8b12-9b4cc121e3c2\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=dafbb134-1652-4444-8b12-9b4cc121e3c2\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=dafbb134-1652-4444-8b12-9b4cc121e3c2"
	],
	"report_names": [
		"showcard.cgi?u=dafbb134-1652-4444-8b12-9b4cc121e3c2"
	],
	"threat_actors": [
		{
			"id": "75064860-5d9f-479d-accb-85c66c3b1c59",
			"created_at": "2022-10-25T15:50:23.328221Z",
			"updated_at": "2026-04-10T02:00:05.393569Z",
			"deleted_at": null,
			"main_name": "Gallmaker",
			"aliases": [
				"Gallmaker"
			],
			"source_name": "MITRE:Gallmaker",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "d3f381a3-9f9f-47e7-9d02-de51b73777d3",
			"created_at": "2022-10-25T16:07:23.656177Z",
			"updated_at": "2026-04-10T02:00:04.703168Z",
			"deleted_at": null,
			"main_name": "Gallmaker",
			"aliases": [
				"G0084"
			],
			"source_name": "ETDA:Gallmaker",
			"tools": [
				"LOLBAS",
				"LOLBins",
				"Living off the Land"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d2c38c87-27a5-489b-ac64-ee8306409aac",
			"created_at": "2023-01-06T13:46:38.890574Z",
			"updated_at": "2026-04-10T02:00:03.136216Z",
			"deleted_at": null,
			"main_name": "Gallmaker",
			"aliases": [],
			"source_name": "MISPGALAXY:Gallmaker",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434798,
	"ts_updated_at": 1775792117,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/58651606eb6ad8abd01b7c1ebd08fb55a33d82ef.pdf",
		"text": "https://archive.orkl.eu/58651606eb6ad8abd01b7c1ebd08fb55a33d82ef.txt",
		"img": "https://archive.orkl.eu/58651606eb6ad8abd01b7c1ebd08fb55a33d82ef.jpg"
	}
}