{
	"id": "9bcf9ce9-8b2a-4023-a71f-534c0518974a",
	"created_at": "2026-04-06T00:15:30.379676Z",
	"updated_at": "2026-04-10T13:12:24.737085Z",
	"deleted_at": null,
	"sha1_hash": "77fcfedbe3ae812a0e66f6216ae8a0e514954272",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47990,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:15:17 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool SIGTRANslator\n Tool: SIGTRANslator\nNames SIGTRANslator\nCategory Malware\nType Exfiltration, Tunneling\nDescription\n(CrowdStrike) This executable provides LightBasin with the ability to transmit data via\ntelecommunication-specific protocols, while monitoring the data being transmitted.\nSIGTRANslator is a Linux ELF binary capable of sending and receiving data via various\nSIGTRAN protocols, which are used to carry public switched telephone network (PSTN)\nsignaling over IP networks. This signaling data includes valuable metadata such as telephone\nnumbers called by a specific mobile station. Data transmitted to and from SIGTRANslator via\nthese protocols is also sent to a remote C2 host that connects to a port opened by the binary.\nThis allows the remote C2 server to siphon data flowing through the binary and send data to\nSIGTRANslator from the C2 to be re-sent via a SIGTRAN protocol.\nInformation Last change to this tool card: 03 November 2021\nDownload this tool card in JSON format\nAll groups using tool SIGTRANslator\nChanged Name Country Observed\nAPT groups\n LightBasin 2016\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b8f0aab4-4597-4980-ae51-d65bda1e64e4\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b8f0aab4-4597-4980-ae51-d65bda1e64e4\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b8f0aab4-4597-4980-ae51-d65bda1e64e4"
	],
	"report_names": [
		"listgroups.cgi?u=b8f0aab4-4597-4980-ae51-d65bda1e64e4"
	],
	"threat_actors": [
		{
			"id": "ece64b74-f887-4d58-9004-2d1406d37337",
			"created_at": "2022-10-25T16:07:23.794442Z",
			"updated_at": "2026-04-10T02:00:04.751764Z",
			"deleted_at": null,
			"main_name": "LightBasin",
			"aliases": [
				"DecisiveArchitect",
				"Luminal Panda",
				"TH-239",
				"UNC1945"
			],
			"source_name": "ETDA:LightBasin",
			"tools": [
				"CordScan",
				"EVILSUN",
				"FRP",
				"Fast Reverse Proxy",
				"Impacket",
				"LEMONSTICK",
				"LOGBLEACH",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"OKSOLO",
				"OPENSHACKLE",
				"ProxyChains",
				"Pupy",
				"PupyRAT",
				"SIGTRANslator",
				"SLAPSTICK",
				"SMBExec",
				"STEELCORGI",
				"Tiny SHell",
				"pupy",
				"tsh"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "31c0d0e1-f793-4374-90aa-138ea1daea50",
			"created_at": "2023-11-30T02:00:07.29462Z",
			"updated_at": "2026-04-10T02:00:03.482987Z",
			"deleted_at": null,
			"main_name": "LightBasin",
			"aliases": [
				"UNC1945",
				"CL-CRI-0025"
			],
			"source_name": "MISPGALAXY:LightBasin",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434530,
	"ts_updated_at": 1775826744,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/77fcfedbe3ae812a0e66f6216ae8a0e514954272.pdf",
		"text": "https://archive.orkl.eu/77fcfedbe3ae812a0e66f6216ae8a0e514954272.txt",
		"img": "https://archive.orkl.eu/77fcfedbe3ae812a0e66f6216ae8a0e514954272.jpg"
	}
}