{
	"id": "81afcb0a-34a5-43f3-8bef-4145dcf4b567",
	"created_at": "2026-04-06T00:14:03.959194Z",
	"updated_at": "2026-04-10T03:24:26.598446Z",
	"deleted_at": null,
	"sha1_hash": "5a6ee1d6586142fa76af18acc31470cb5fba09a0",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44557,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 15:35:35 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Separ\n Tool: Separ\nNames Separ\nCategory Malware\nType Info stealer\nDescription\n(Kaspersky) What sets this stealer apart is its use of a simply but tricky technique dubbed\n“Living off the Land.” Hackers have used this popular tactic in the past to launch attacks based\non legitimate files which are either common within the organization attacked, or are widely-used administrative tools. The legit files can be abused to perform malicious functions.\nFor Separ, that means using very short script and batch files, as well as legitimate executables,\nto carry out all of its malicious business logic.\nInformation Last change to this tool card: 20 April 2020\nDownload this tool card in JSON format\nAll groups using tool Separ\nChanged Name Country Observed\nAPT groups\n Gangnam Industrial Style [Unknown] 2019\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=897e0110-84da-445a-af6d-429a4d18cf97\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=897e0110-84da-445a-af6d-429a4d18cf97\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=897e0110-84da-445a-af6d-429a4d18cf97"
	],
	"report_names": [
		"listgroups.cgi?u=897e0110-84da-445a-af6d-429a4d18cf97"
	],
	"threat_actors": [
		{
			"id": "e05a6eb3-2b1f-42a8-b469-599e7441eae6",
			"created_at": "2022-10-25T16:07:23.663913Z",
			"updated_at": "2026-04-10T02:00:04.704871Z",
			"deleted_at": null,
			"main_name": "Gangnam Industrial Style",
			"aliases": [],
			"source_name": "ETDA:Gangnam Industrial Style",
			"tools": [
				"LOLBAS",
				"LOLBins",
				"LaZagne",
				"Living off the Land",
				"MOVEit Freely",
				"NcFTPPut",
				"Secure FTP Client",
				"Separ"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434443,
	"ts_updated_at": 1775791466,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5a6ee1d6586142fa76af18acc31470cb5fba09a0.pdf",
		"text": "https://archive.orkl.eu/5a6ee1d6586142fa76af18acc31470cb5fba09a0.txt",
		"img": "https://archive.orkl.eu/5a6ee1d6586142fa76af18acc31470cb5fba09a0.jpg"
	}
}