{
	"id": "ac1ae7d0-5749-45f7-ae65-f124563f926c",
	"created_at": "2026-04-06T02:11:21.650352Z",
	"updated_at": "2026-04-10T03:24:36.630391Z",
	"deleted_at": null,
	"sha1_hash": "68f72a0bf0b6c852a3f994db093e359a9be465ca",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43943,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 02:02:17 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Ctealer\n Tool: Ctealer\nNames Ctealer\nCategory Malware\nType Info stealer, Credential stealer\nDescription\n(Group-IB) The threat actor also created two custom stealers, dubbed Cucky and Ctealer by\nGroup-IB. When launched on the victims’ device, the stealers are able to steal passwords,\nhistory, logins, and cookies from dozens of web browsers. In this campaign, the threat actors\nalso wrote script that allowed them to transfer their malware to USB devices connected to the\ncompromised machine, and also spread their malware across network shares.\nInformation Last change to this tool card: 15 February 2023\nDownload this tool card in JSON format\nAll groups using tool Ctealer\nChanged Name Country Observed\nAPT groups\n Dark Pink [Unknown] 2022-Feb 2023\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e9a7ee71-bc81-4449-ad9a-cf0e280cf682\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e9a7ee71-bc81-4449-ad9a-cf0e280cf682\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e9a7ee71-bc81-4449-ad9a-cf0e280cf682"
	],
	"report_names": [
		"listgroups.cgi?u=e9a7ee71-bc81-4449-ad9a-cf0e280cf682"
	],
	"threat_actors": [
		{
			"id": "fd4c3ddd-11cc-4192-9c94-ff107d7f8492",
			"created_at": "2023-02-18T02:04:24.06294Z",
			"updated_at": "2026-04-10T02:00:04.644528Z",
			"deleted_at": null,
			"main_name": "Dark Pink",
			"aliases": [
				"Saaiwc Group"
			],
			"source_name": "ETDA:Dark Pink",
			"tools": [
				"Ctealer",
				"Cucky",
				"KamiKakaBot",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"PowerSploit",
				"TelePowerBot",
				"ZMsg"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775441481,
	"ts_updated_at": 1775791476,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/68f72a0bf0b6c852a3f994db093e359a9be465ca.pdf",
		"text": "https://archive.orkl.eu/68f72a0bf0b6c852a3f994db093e359a9be465ca.txt",
		"img": "https://archive.orkl.eu/68f72a0bf0b6c852a3f994db093e359a9be465ca.jpg"
	}
}