{
	"id": "aadb0818-d48f-47a3-a558-7e49d8f8e7c9",
	"created_at": "2026-04-06T01:31:15.113709Z",
	"updated_at": "2026-04-10T03:31:32.363092Z",
	"deleted_at": null,
	"sha1_hash": "6ebe968f36ffa6748ae03e93a357d03c78525d1f",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 52723,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 00:31:13 UTC\n APT group: Void Balaur\nNames\nVoid Balaur (Trend Micro)\nRockethack (self given)\nCountry [Unknown]\nMotivation Financial gain\nFirst seen 2017\nDescription\n(Trend Micro) This research looks into a threat actor group that can be considered a\ncybermercenary, but one that prefers to stay in the shadows. To our knowledge, this hacker-for-hire group does not operate out of a physical building, nor does it have a shiny prospectus\nthat describes its services. The group does not try to wriggle out of a difficult position by\njustifying its business, nor is it involved in lawsuits against anybody attempting to report on\ntheir activities. Instead, this group is quite open about what it does: breaking into email\naccounts and social media accounts for money. This threat actor is also involved in selling\nhighly sensitive personal data like cell tower phone logs, passenger flight records, banking\ndata, and passport details.\nObserved\nCountries: Armenia, Australia, Belarus, Belgium, Brazil, Canada, Czech, Egypt, France,\nGermany, India, Italy, Japan, Kazakhstan, Netherlands, New Zealand, Norway, Poland,\nPortugal, Russia, Slovakia, South Africa, Spain, Sweden, Turkey, UAE, UK, Ukraine, USA,\nUzbekistan.\nTools used\nInformation\nLast change to this card: 18 November 2022\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=1f5b4007-33a2-4923-9448-94a92336bb42\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=1f5b4007-33a2-4923-9448-94a92336bb42\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=1f5b4007-33a2-4923-9448-94a92336bb42"
	],
	"report_names": [
		"showcard.cgi?u=1f5b4007-33a2-4923-9448-94a92336bb42"
	],
	"threat_actors": [
		{
			"id": "eed84d1d-a457-43d7-8dba-e41cf7cea6e5",
			"created_at": "2023-01-06T13:46:39.474045Z",
			"updated_at": "2026-04-10T02:00:03.340923Z",
			"deleted_at": null,
			"main_name": "Void Balaur",
			"aliases": [],
			"source_name": "MISPGALAXY:Void Balaur",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "dd5d24e4-366c-4bd4-8587-fc9606a0cff6",
			"created_at": "2022-10-25T16:07:24.383804Z",
			"updated_at": "2026-04-10T02:00:04.969329Z",
			"deleted_at": null,
			"main_name": "Void Balaur",
			"aliases": [
				"Rockethack"
			],
			"source_name": "ETDA:Void Balaur",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439075,
	"ts_updated_at": 1775791892,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6ebe968f36ffa6748ae03e93a357d03c78525d1f.pdf",
		"text": "https://archive.orkl.eu/6ebe968f36ffa6748ae03e93a357d03c78525d1f.txt",
		"img": "https://archive.orkl.eu/6ebe968f36ffa6748ae03e93a357d03c78525d1f.jpg"
	}
}