{
	"id": "c949be91-060e-47c9-8cbe-a8884a5749ff",
	"created_at": "2026-04-06T00:09:31.005311Z",
	"updated_at": "2026-04-10T13:12:57.528295Z",
	"deleted_at": null,
	"sha1_hash": "5e3221e1cc884ccf8727d29965a607755066ba9c",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49781,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 19:58:23 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool UNAPIMON\r\n Tool: UNAPIMON\r\nNames UNAPIMON\r\nCategory Malware\r\nType Loader\r\nDescription\r\n(Trend Micro) Looking at the behavior of UNAPIMON and how it was used in the attack, we\r\ncan infer that its primary purpose is to unhook critical API functions in any child process. For\r\nenvironments that implement API monitoring through hooking such as sandboxing systems,\r\nUNAPIMON will prevent child processes from being monitored. Thus, this malware can allow\r\nany malicious child process to be executed with its behavior undetected.\r\nInformation \u003chttps://www.trendmicro.com/en_us/research/24/d/earth-freybug.html\u003e\r\nLast change to this tool card: 22 April 2024\r\nDownload this tool card in JSON format\r\nAll groups using tool UNAPIMON\r\nChanged Name Country Observed\r\nAPT groups\r\n      ↳ Subgroup: Earth Freybug 2012  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7716ab81-7d3d-4bb6-a614-4d51a273bb3c\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7716ab81-7d3d-4bb6-a614-4d51a273bb3c\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7716ab81-7d3d-4bb6-a614-4d51a273bb3c"
	],
	"report_names": [
		"listgroups.cgi?u=7716ab81-7d3d-4bb6-a614-4d51a273bb3c"
	],
	"threat_actors": [
		{
			"id": "315bd857-79cc-46f2-896f-aeb0fc576b49",
			"created_at": "2024-04-28T02:00:03.693599Z",
			"updated_at": "2026-04-10T02:00:03.62936Z",
			"deleted_at": null,
			"main_name": "Earth Freybug",
			"aliases": [],
			"source_name": "MISPGALAXY:Earth Freybug",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "10e4e1de-afe4-4a62-b46d-07800c801a17",
			"created_at": "2024-04-24T02:02:07.562188Z",
			"updated_at": "2026-04-10T02:00:04.560334Z",
			"deleted_at": null,
			"main_name": "Earth Freybug",
			"aliases": [
				"Earth Freybug"
			],
			"source_name": "ETDA:Earth Freybug",
			"tools": [
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"UNAPIMON"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434171,
	"ts_updated_at": 1775826777,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5e3221e1cc884ccf8727d29965a607755066ba9c.pdf",
		"text": "https://archive.orkl.eu/5e3221e1cc884ccf8727d29965a607755066ba9c.txt",
		"img": "https://archive.orkl.eu/5e3221e1cc884ccf8727d29965a607755066ba9c.jpg"
	}
}