{
	"id": "46e05024-e6de-47d2-9f53-7085ab70f2e2",
	"created_at": "2026-04-06T00:21:32.933252Z",
	"updated_at": "2026-04-10T13:13:07.672248Z",
	"deleted_at": null,
	"sha1_hash": "7f65dc47fa90ae304660d97de2df8c5020b728fe",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47330,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 23:43:35 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Spindest\n Tool: Spindest\nNames\nSpindest\nBackdoor.Apocalipto\nCategory Malware\nType Backdoor\nDescription\n(ThreatConnect) This threat has been identified using a malware implant specifically known as\n“Spindest” or “Backdoor.Apocalipto”. This threat appears to have been in use for some time,\nand has been primarily observed being delivered from URLs on compromised intermediary\nwebsites along with other possibly initial infection vectors such as spearphishing operations.\nThe implant generally uses dynamic command and control (C2) infrastructure.\nInformation\nLast change to this tool card: 20 April 2020\nDownload this tool card in JSON format\nAll groups using tool Spindest\nChanged Name Country Observed\nAPT groups\n Nitro, Covert Grove 2011-Jul 2014\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5b61ad4c-e5aa-42ea-98ad-29503fcce266\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5b61ad4c-e5aa-42ea-98ad-29503fcce266\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5b61ad4c-e5aa-42ea-98ad-29503fcce266"
	],
	"report_names": [
		"listgroups.cgi?u=5b61ad4c-e5aa-42ea-98ad-29503fcce266"
	],
	"threat_actors": [
		{
			"id": "9041c438-4bc0-4863-b89c-a32bba33903c",
			"created_at": "2023-01-06T13:46:38.232751Z",
			"updated_at": "2026-04-10T02:00:02.888195Z",
			"deleted_at": null,
			"main_name": "Nitro",
			"aliases": [
				"Covert Grove"
			],
			"source_name": "MISPGALAXY:Nitro",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a2b44a04-a080-4465-973d-976ce53777de",
			"created_at": "2022-10-25T16:07:23.911791Z",
			"updated_at": "2026-04-10T02:00:04.786538Z",
			"deleted_at": null,
			"main_name": "Nitro",
			"aliases": [
				"Covert Grove",
				"Nitro"
			],
			"source_name": "ETDA:Nitro",
			"tools": [
				"AngryRebel",
				"Backdoor.Apocalipto",
				"Chymine",
				"Darkmoon",
				"Farfli",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"Moudour",
				"Mydoor",
				"PCClient",
				"PCRat",
				"Poison Ivy",
				"SPIVY",
				"Spindest",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434892,
	"ts_updated_at": 1775826787,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7f65dc47fa90ae304660d97de2df8c5020b728fe.pdf",
		"text": "https://archive.orkl.eu/7f65dc47fa90ae304660d97de2df8c5020b728fe.txt",
		"img": "https://archive.orkl.eu/7f65dc47fa90ae304660d97de2df8c5020b728fe.jpg"
	}
}