{ "id": "68b18111-db24-49e1-96cf-3ff4d41926e2", "created_at": "2026-04-06T00:11:44.012601Z", "updated_at": "2026-04-10T03:34:54.746764Z", "deleted_at": null, "sha1_hash": "74a0f18cae7e285e7136a6645e1d1ea93f3b1fb7", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 49884, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 19:41:19 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool ReZer0\n Tool: ReZer0\nNames ReZer0\nCategory Malware\nType Backdoor\nDescription\n(Qihoo 360) The execution logic of ReZer0 is controlled by hard-coded built-in instructions.\nAccording to different instructions, different malicious functions are executed. Its design logic\nresembles the design method of backdoor programs.\nIn the 360 massive data, we found that ReZer0 has an obvious version identification. In\nconjunction with the above-mentioned large number of instructions used, we speculate that the\nsoftware is still in the development stage, and it will not be ruled out that the program will be\ncontrolled through network communication in the future.\nIn addition to the nature of the backdoor virus, ReZer0 also carries known remote control\nTrojans such as NanoCore RAT and RemcosRAT in the resources.\nInformation Last change to this tool card: 21 May 2020\nDownload this tool card in JSON format\nAll groups using tool ReZer0\nChanged Name Country Observed\nAPT groups\n Vendetta, TA2719 2020\n1 group listed (1 APT, 0 other, 0 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=866f5133-e682-40cd-bcad-dcf6e2ff10e9\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=866f5133-e682-40cd-bcad-dcf6e2ff10e9\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=866f5133-e682-40cd-bcad-dcf6e2ff10e9\r\nPage 2 of 2\n\nAPT groups Vendetta, TA2719 2020 \n1 group listed (1 APT, 0 other, 0 unknown) \n Page 1 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=866f5133-e682-40cd-bcad-dcf6e2ff10e9" ], "report_names": [ "listgroups.cgi?u=866f5133-e682-40cd-bcad-dcf6e2ff10e9" ], "threat_actors": [ { "id": "40451441-a311-494f-8025-fdbad7a527d4", "created_at": "2024-02-06T02:00:04.114318Z", "updated_at": "2026-04-10T02:00:03.571851Z", "deleted_at": null, "main_name": "TA2719", "aliases": [], "source_name": "MISPGALAXY:TA2719", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "3a0cfbbc-2acf-4cc8-afe1-1859679c522c", "created_at": "2022-10-25T16:07:24.373716Z", "updated_at": "2026-04-10T02:00:04.963615Z", "deleted_at": null, "main_name": "Vendetta", "aliases": [ "TA2719" ], "source_name": "ETDA:Vendetta", "tools": [ "AsyncRAT", "Atros2.CKPN", "Nancrat", "NanoCore", "NanoCore RAT", "ReZer0", "Remcos", "RemcosRAT", "Remvio", "RoboSki", "Socmer", "Zurten" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434304, "ts_updated_at": 1775792094, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/74a0f18cae7e285e7136a6645e1d1ea93f3b1fb7.pdf", "text": "https://archive.orkl.eu/74a0f18cae7e285e7136a6645e1d1ea93f3b1fb7.txt", "img": "https://archive.orkl.eu/74a0f18cae7e285e7136a6645e1d1ea93f3b1fb7.jpg" } }