{
	"id": "f6124629-9678-432f-a5d7-b7d25096606c",
	"created_at": "2026-04-06T00:11:03.798415Z",
	"updated_at": "2026-04-10T03:30:57.845761Z",
	"deleted_at": null,
	"sha1_hash": "72e02c6b9e66ecf5d4af45947c091ecfb962e487",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45632,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 20:14:16 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool NPS\r\n Tool: NPS\r\nNames NPS\r\nCategory Tools\r\nType Backdoor\r\nDescription\r\nNPS is a lightweight, high-performance, powerful intranet penetration proxy server, with a\r\npowerful web management terminal.\r\nInformation \u003chttps://github.com/ehang-io/nps\u003e\r\nLast change to this tool card: 17 February 2023\r\nDownload this tool card in JSON format\r\nAll groups using tool NPS\r\nChanged Name Country Observed\r\nAPT groups\r\n  Dalbit 2022  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4e37b168-22eb-44c2-b92c-b2b7aca4b79c\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4e37b168-22eb-44c2-b92c-b2b7aca4b79c\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4e37b168-22eb-44c2-b92c-b2b7aca4b79c"
	],
	"report_names": [
		"listgroups.cgi?u=4e37b168-22eb-44c2-b92c-b2b7aca4b79c"
	],
	"threat_actors": [
		{
			"id": "bcf899bb-34bb-43e1-929d-02bc91974f2a",
			"created_at": "2023-02-18T02:04:24.050644Z",
			"updated_at": "2026-04-10T02:00:04.639142Z",
			"deleted_at": null,
			"main_name": "Dalbit",
			"aliases": [],
			"source_name": "ETDA:Dalbit",
			"tools": [
				"ASPXSpy",
				"ASPXTool",
				"Agentemis",
				"AntSword",
				"BadPotato",
				"BlueShell",
				"CHINACHOPPER",
				"China Chopper",
				"Cobalt Strike",
				"CobaltStrike",
				"EFSPotato",
				"FRP",
				"Fast Reverse Proxy",
				"Godzilla",
				"Godzilla Loader",
				"HTran",
				"HUC Packet Transmit Tool",
				"JuicyPotato",
				"LadonGo",
				"Metasploit",
				"Mimikatz",
				"NPS",
				"ProcDump",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"RottenPotato",
				"SinoChopper",
				"SweetPotato",
				"cobeacon",
				"reGeorg"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "7cf4ec85-806f-4fd7-855a-6669ed381bf5",
			"created_at": "2023-11-08T02:00:07.176033Z",
			"updated_at": "2026-04-10T02:00:03.435082Z",
			"deleted_at": null,
			"main_name": "Dalbit",
			"aliases": [],
			"source_name": "MISPGALAXY:Dalbit",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434263,
	"ts_updated_at": 1775791857,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/72e02c6b9e66ecf5d4af45947c091ecfb962e487.pdf",
		"text": "https://archive.orkl.eu/72e02c6b9e66ecf5d4af45947c091ecfb962e487.txt",
		"img": "https://archive.orkl.eu/72e02c6b9e66ecf5d4af45947c091ecfb962e487.jpg"
	}
}