{
	"id": "f262f8bc-613a-4398-91ad-35000ad5d64e",
	"created_at": "2026-04-06T00:06:34.141488Z",
	"updated_at": "2026-04-10T03:29:18.755334Z",
	"deleted_at": null,
	"sha1_hash": "5d2dda7cc748bd8fcf652aa6e591b610ea799e11",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49277,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:37:30 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool DeepCreep\n Tool: DeepCreep\nNames DeepCreep\nCategory Malware\nType Backdoor\nDescription\n(ESET) DeepCreep is a previously undocumented backdoor written in C# that reads\ncommands from a text file stored in Dropbox accounts and can upload or download files to\nand from those accounts. Some versions of DeepCreep have obfuscated strings, some separate\nthe code into DLLs, and some have more or less commands.\nInformation Malpedia Last change to this tool card: 22 June 2023\nDownload this tool card in JSON format\nAll groups using tool DeepCreep\nChanged Name Country Observed\nAPT groups\n Polonium 2022-Sep 2022\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9c832e0d-c878-44f9-8ac0-fe9cdb1712a9\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9c832e0d-c878-44f9-8ac0-fe9cdb1712a9\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9c832e0d-c878-44f9-8ac0-fe9cdb1712a9"
	],
	"report_names": [
		"listgroups.cgi?u=9c832e0d-c878-44f9-8ac0-fe9cdb1712a9"
	],
	"threat_actors": [
		{
			"id": "d866a181-c427-43df-9948-a8010a8fdad6",
			"created_at": "2022-10-27T08:27:13.080609Z",
			"updated_at": "2026-04-10T02:00:05.303153Z",
			"deleted_at": null,
			"main_name": "POLONIUM",
			"aliases": [
				"POLONIUM",
				"Plaid Rain"
			],
			"source_name": "MITRE:POLONIUM",
			"tools": [
				"CreepyDrive",
				"CreepySnail"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6cfeba14-c84e-4606-88b9-c7a7689c450f",
			"created_at": "2022-10-25T16:07:24.06766Z",
			"updated_at": "2026-04-10T02:00:04.857565Z",
			"deleted_at": null,
			"main_name": "Polonium",
			"aliases": [
				"G1005",
				"Incendiary Jackal",
				"Plaid Rain"
			],
			"source_name": "ETDA:Polonium",
			"tools": [
				"CreepyDrive",
				"CreepySnail",
				"DeepCreep",
				"FlipCreep",
				"MegaCreep",
				"PapaCreep",
				"TechnoCreep"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b7823339-891d-4ded-b01d-1f142a88bc64",
			"created_at": "2023-01-06T13:46:39.381591Z",
			"updated_at": "2026-04-10T02:00:03.308737Z",
			"deleted_at": null,
			"main_name": "POLONIUM",
			"aliases": [
				"GREATRIFT",
				"INCENDIARY JACKAL",
				"Plaid Rain",
				"UNC4453"
			],
			"source_name": "MISPGALAXY:POLONIUM",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775433994,
	"ts_updated_at": 1775791758,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5d2dda7cc748bd8fcf652aa6e591b610ea799e11.pdf",
		"text": "https://archive.orkl.eu/5d2dda7cc748bd8fcf652aa6e591b610ea799e11.txt",
		"img": "https://archive.orkl.eu/5d2dda7cc748bd8fcf652aa6e591b610ea799e11.jpg"
	}
}