{
	"id": "ad666a3b-5219-4f57-bf15-059dcd423cc5",
	"created_at": "2026-04-06T00:18:56.608909Z",
	"updated_at": "2026-04-10T13:12:22.148147Z",
	"deleted_at": null,
	"sha1_hash": "6735b478cd0880d877d2f797cabf2884210c0ba7",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 51177,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 23:44:37 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool KsRemote\n Tool: KsRemote\nNames KsRemote\nCategory Malware\nType Backdoor, Info stealer, Exfiltration\nDescription\n(Malwarebytes) We also found several malicious Android applications we believe are part of\nthe toolset used by this APT group. Malwarebytes detects them as\nAndroid/Trojan.Spy.AndroRat.KSRemote.\nAll these bogus applications contain a jar file named ksremote.jar that provides the RAT\nfunctionality:\n• Recording screen and audio using the phone’s camera/mic\n• Locating phone with coordinates\n• Stealing phone contacts, call log, SMS, web history\n• Sending SMS messages\nInformation\nMalpedia Last change to this tool card: 10 August 2021\nDownload this tool card in JSON format\nAll groups using tool KsRemote\nChanged Name Country Observed\nAPT groups\n Bronze Highland 2012-Jul 2024\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3eb1ad56-859e-41ef-b3c7-e5474133fce0\nPage 1 of 2\n\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3eb1ad56-859e-41ef-b3c7-e5474133fce0\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3eb1ad56-859e-41ef-b3c7-e5474133fce0\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3eb1ad56-859e-41ef-b3c7-e5474133fce0"
	],
	"report_names": [
		"listgroups.cgi?u=3eb1ad56-859e-41ef-b3c7-e5474133fce0"
	],
	"threat_actors": [
		{
			"id": "f35997d9-ca1e-453f-b968-0e675cc16d97",
			"created_at": "2023-01-06T13:46:39.490819Z",
			"updated_at": "2026-04-10T02:00:03.345364Z",
			"deleted_at": null,
			"main_name": "Evasive Panda",
			"aliases": [
				"BRONZE HIGHLAND"
			],
			"source_name": "MISPGALAXY:Evasive Panda",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "05cb998c-6e81-47f0-9806-ee4fda72fe0a",
			"created_at": "2024-11-01T02:00:52.763555Z",
			"updated_at": "2026-04-10T02:00:05.263997Z",
			"deleted_at": null,
			"main_name": "Daggerfly",
			"aliases": [
				"Daggerfly",
				"Evasive Panda",
				"BRONZE HIGHLAND"
			],
			"source_name": "MITRE:Daggerfly",
			"tools": [
				"PlugX",
				"MgBot",
				"BITSAdmin",
				"MacMa",
				"Nightdoor"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "812f36f8-e82b-41b6-b9ec-0d23ab0ad6b7",
			"created_at": "2023-01-06T13:46:39.413725Z",
			"updated_at": "2026-04-10T02:00:03.31882Z",
			"deleted_at": null,
			"main_name": "BRONZE HIGHLAND",
			"aliases": [
				"Evasive Panda",
				"Daggerfly"
			],
			"source_name": "MISPGALAXY:BRONZE HIGHLAND",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "19ac84cc-bb2d-4e0c-ace0-5a7659d89ac7",
			"created_at": "2022-10-25T16:07:23.422755Z",
			"updated_at": "2026-04-10T02:00:04.592069Z",
			"deleted_at": null,
			"main_name": "Bronze Highland",
			"aliases": [
				"Daggerfly",
				"Digging Taurus",
				"Evasive Panda",
				"Storm Cloud",
				"StormBamboo",
				"TAG-102",
				"TAG-112"
			],
			"source_name": "ETDA:Bronze Highland",
			"tools": [
				"Agentemis",
				"CDDS",
				"CloudScout",
				"Cobalt Strike",
				"CobaltStrike",
				"DazzleSpy",
				"KsRemote",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"MacMa",
				"Macma",
				"MgBot",
				"Mgmbot",
				"NetMM",
				"Nightdoor",
				"OSX.CDDS",
				"POCOSTICK",
				"RELOADEXT",
				"Suzafk",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "4f7d2815-7504-4818-bf8d-bba18161b111",
			"created_at": "2025-08-07T02:03:24.613342Z",
			"updated_at": "2026-04-10T02:00:03.732192Z",
			"deleted_at": null,
			"main_name": "BRONZE HIGHLAND",
			"aliases": [
				"Daggerfly",
				"Daggerfly ",
				"Evasive Panda ",
				"Evasive Panda ",
				"Storm Bamboo "
			],
			"source_name": "Secureworks:BRONZE HIGHLAND",
			"tools": [
				"Cobalt Strike",
				"KsRemote",
				"Macma",
				"MgBot",
				"Nightdoor",
				"PlugX"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434736,
	"ts_updated_at": 1775826742,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6735b478cd0880d877d2f797cabf2884210c0ba7.pdf",
		"text": "https://archive.orkl.eu/6735b478cd0880d877d2f797cabf2884210c0ba7.txt",
		"img": "https://archive.orkl.eu/6735b478cd0880d877d2f797cabf2884210c0ba7.jpg"
	}
}