{
	"id": "7a42b0a9-858f-4747-ba33-340f547a4f09",
	"created_at": "2026-04-06T00:12:46.495839Z",
	"updated_at": "2026-04-10T13:11:28.831998Z",
	"deleted_at": null,
	"sha1_hash": "8319126d398ee08ec7a87baf72da887e389210a4",
	"title": "3PARA RAT - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48521,
	"plain_text": "3PARA RAT - Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 19:24:34 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool 3PARA RAT\n Tool: 3PARA RAT\nNames 3PARA RAT\nCategory Malware\nType Backdoor\nDescription\n(CrowdStrike) The 3Para rat was described in some detail in other Crowdstrike\nreporting, which examined a dll-based sample with an exported filename of ssdpsvc.dll.\nOther observed exported filenames are msacem.dll and mrpmsg.dll, although the rat has\nalso been observed in plain executable (EXE) format.\nInformation\nMITRE ATT\u0026CK Last change to this tool card: 22 April 2020\nDownload this tool card in JSON format\nAll groups using tool 3PARA RAT\nChanged Name Country Observed\nAPT groups\n Putter Panda, APT 2 2007\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8ad145c5-3672-44b3-8e81-3a5b0e7e3d1f\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8ad145c5-3672-44b3-8e81-3a5b0e7e3d1f\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8ad145c5-3672-44b3-8e81-3a5b0e7e3d1f"
	],
	"report_names": [
		"listgroups.cgi?u=8ad145c5-3672-44b3-8e81-3a5b0e7e3d1f"
	],
	"threat_actors": [
		{
			"id": "abd17060-62f6-4743-95e8-3f23c82cc229",
			"created_at": "2022-10-25T15:50:23.428772Z",
			"updated_at": "2026-04-10T02:00:05.365894Z",
			"deleted_at": null,
			"main_name": "Putter Panda",
			"aliases": [
				"Putter Panda",
				"APT2",
				"MSUpdater"
			],
			"source_name": "MITRE:Putter Panda",
			"tools": [
				"pngdowner",
				"3PARA RAT",
				"4H RAT",
				"httpclient"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "468b7acd-895c-4c93-b572-b42f4035b4d4",
			"created_at": "2023-01-06T13:46:38.265636Z",
			"updated_at": "2026-04-10T02:00:02.902436Z",
			"deleted_at": null,
			"main_name": "APT2",
			"aliases": [
				"MSUpdater",
				"4HCrew",
				"SearchFire",
				"TG-6952",
				"G0024",
				"PLA Unit 61486",
				"PUTTER PANDA"
			],
			"source_name": "MISPGALAXY:APT2",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "4b066585-3591-4ddd-b3cc-f4e19e0e00ef",
			"created_at": "2022-10-25T16:07:24.086915Z",
			"updated_at": "2026-04-10T02:00:04.862463Z",
			"deleted_at": null,
			"main_name": "Putter Panda",
			"aliases": [
				"4HCrew",
				"APT 2",
				"G0024",
				"Group 36",
				"Putter Panda",
				"SearchFire",
				"TG-6952"
			],
			"source_name": "ETDA:Putter Panda",
			"tools": [
				"3PARA RAT",
				"4H RAT",
				"4h_rat",
				"MSUpdater",
				"httpclient",
				"pngdowner"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434366,
	"ts_updated_at": 1775826688,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8319126d398ee08ec7a87baf72da887e389210a4.pdf",
		"text": "https://archive.orkl.eu/8319126d398ee08ec7a87baf72da887e389210a4.txt",
		"img": "https://archive.orkl.eu/8319126d398ee08ec7a87baf72da887e389210a4.jpg"
	}
}