{
	"id": "e661aa0a-7985-469f-8c37-c6e00a6a80f7",
	"created_at": "2026-04-06T00:21:26.26813Z",
	"updated_at": "2026-04-10T03:35:26.995788Z",
	"deleted_at": null,
	"sha1_hash": "5d133fab312cf6396f660c36586c76ee33e6a554",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49359,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 17:59:23 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Yasso\nTool: Yasso\nNames: Yasso\nCategory: Malware\nType: Vulnerability scanner\nDescription:\n(Palo Alto) The emergence of a relatively new penetration testing tool set, Yasso, marked a\nshift in the tactics employed by TGR-STA-0043. This tool set encompassed a range of\nfunctionalities, including the following:\n• Scanning\n• Brute forcing\n• Remote interactive shell capabilities\n• Arbitrary command execution\nWhat set Yasso apart was its unique feature set, incorporating powerful SQL penetration\nfunctions and database capabilities. Until the time of this article, this had not been publicly\nreported as being used in the wild by another threat actor.\nInformation: Malpedia\nLast change to this tool card: 19 June 2024\nDownload this tool card in JSON format\nAll groups using tool Yasso\nChanged Name Country Observed\nAPT groups\nOperation Diplomatic Specter 2022\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e81dcaa1-8cf8-4f16-9446-67447a7f55a7\nPage 1 of 2\n\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e81dcaa1-8cf8-4f16-9446-67447a7f55a7\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e81dcaa1-8cf8-4f16-9446-67447a7f55a7\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e81dcaa1-8cf8-4f16-9446-67447a7f55a7"
	],
	"report_names": [
		"listgroups.cgi?u=e81dcaa1-8cf8-4f16-9446-67447a7f55a7"
	],
	"threat_actors": [
		{
			"id": "ffc66b49-9396-46af-966f-9376c4315f32",
			"created_at": "2023-11-21T02:00:07.339061Z",
			"updated_at": "2026-04-10T02:00:03.462317Z",
			"deleted_at": null,
			"main_name": "CL-STA-0043",
			"aliases": [
				"TGR-STA-0043"
			],
			"source_name": "MISPGALAXY:CL-STA-0043",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "cff2cedd-a198-4e79-ae67-19048084ae7f",
			"created_at": "2024-06-20T02:02:09.945126Z",
			"updated_at": "2026-04-10T02:00:04.79991Z",
			"deleted_at": null,
			"main_name": "Operation Diplomatic Specter",
			"aliases": [
				"CL-STA-0043",
				"TGR-STA-0043"
			],
			"source_name": "ETDA:Operation Diplomatic Specter",
			"tools": [
				"Agent Racoon",
				"Agent.dhwf",
				"AngryRebel",
				"CHINACHOPPER",
				"China Chopper",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"HTran",
				"HUC Packet Transmit Tool",
				"JuicyPotatoNG",
				"Kaba",
				"Korplug",
				"LadonGo",
				"Mimikatz",
				"Mimilite",
				"Moudour",
				"Mydoor",
				"NBTscan",
				"Ntospy",
				"PCRat",
				"PlugX",
				"RedDelta",
				"SharpEfsPotato",
				"SinoChopper",
				"Sogu",
				"SweetSpecter",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"TunnelSpecter",
				"Xamtrav",
				"Yasso",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434886,
	"ts_updated_at": 1775792126,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5d133fab312cf6396f660c36586c76ee33e6a554.pdf",
		"text": "https://archive.orkl.eu/5d133fab312cf6396f660c36586c76ee33e6a554.txt",
		"img": "https://archive.orkl.eu/5d133fab312cf6396f660c36586c76ee33e6a554.jpg"
	}
}