{
	"id": "ae803bd2-1d77-4f57-87b7-a0733f9fdaf1",
	"created_at": "2026-04-06T00:14:14.197989Z",
	"updated_at": "2026-04-10T13:12:50.916758Z",
	"deleted_at": null,
	"sha1_hash": "695983acc287f5b5bcb6164948f7997fb86c7809",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 30274,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 17:27:29 UTC\r\nDescription(VirusTotal) The GandCrab ransomware, which is no longer active, was actively distributed for a little\r\nover a year. GandCrab variants caused a great deal of damage worldwide, including in South Korea.\r\nThe GandCrab ransomware shares an interesting history with AhnLab. Like many other examples of ransomware,\r\nGandCrab searches for any running or pre-installed anti‑malware program and when it finds one it interferes with\r\nits normal execution and shuts it down. However, when it came to AhnLab, GandCrab went the extra mile,\r\nspecifically targeting the company and its anti-malware program V3 Lite by mentioning it in its code. It even\r\nrevealed a vulnerability in the security program and made attempts to delete it entirely.\r\nTo effectively respond to and protect against GandCrab attacks, the AhnLab Security Analysis Team analysed\r\nGandCrab and all its different versions by thoroughly investigating the distributed code, encryption method,\r\nrestoration method, and the evasive method it used to avoid behaviour-based detection. Each time a new attack\r\nfeature targeting AhnLab and V3 was identified, the company’s product developers promptly addressed it to\r\nensure maximum security.\r\nThe interesting conflict between AhnLab and the GandCrab ransomware was widely discussed in the IT security\r\nindustry. However, the details that were revealed at the time were only the tip of the iceberg, with more details\r\nbeing kept private for reasons of confidentiality.\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0b2b37bc-8665-4409-90a2-35a56aec7341\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0b2b37bc-8665-4409-90a2-35a56aec7341\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0b2b37bc-8665-4409-90a2-35a56aec7341"
	],
	"report_names": [
		"listgroups.cgi?u=0b2b37bc-8665-4409-90a2-35a56aec7341"
	],
	"threat_actors": [],
	"ts_created_at": 1775434454,
	"ts_updated_at": 1775826770,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/695983acc287f5b5bcb6164948f7997fb86c7809.pdf",
		"text": "https://archive.orkl.eu/695983acc287f5b5bcb6164948f7997fb86c7809.txt",
		"img": "https://archive.orkl.eu/695983acc287f5b5bcb6164948f7997fb86c7809.jpg"
	}
}