{
	"id": "6084feec-97b7-4987-b85f-df000dfad554",
	"created_at": "2026-04-06T00:14:12.971213Z",
	"updated_at": "2026-04-10T03:26:17.732413Z",
	"deleted_at": null,
	"sha1_hash": "8631352a98b07a72250f31c952b25167360c89b9",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50820,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 19:56:39 UTC\n Tool: BetaBot\nNames\nBetaBot\nNeurevt\nCategory Malware\nType Banking trojan, Backdoor, Info stealer, Credential stealer, DDoS, Downloader\nDescription\n(Cybereason) Betabot’s main features include:\n• Browsers Form Grabber\n• FTP and mail client stealer\n• Banker module\n• Running DDOS attacks\n• USB infection module\n• Robust Userland Rootkit (x86/x64)\n• Arbitrary command execution via shell\n• The ability to download additional malware\n• Persistence\n• Crypto-currency miner module (added 2017)\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 01 November 2021\nDownload this tool card in JSON format\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b9940a31-3e91-424f-81f5-e5b36c6b6056\nPage 1 of 2\n\nAll groups using tool BetaBot\r\nChanged Name Country Observed\r\nAPT groups\r\n  RATicate [Unknown] 2019  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\n↑\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b9940a31-3e91-424f-81f5-e5b36c6b6056\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b9940a31-3e91-424f-81f5-e5b36c6b6056\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b9940a31-3e91-424f-81f5-e5b36c6b6056"
	],
	"report_names": [
		"listgroups.cgi?u=b9940a31-3e91-424f-81f5-e5b36c6b6056"
	],
	"threat_actors": [
		{
			"id": "0d07b30c-4393-4071-82fb-22f51f7749e0",
			"created_at": "2022-10-25T16:07:24.097096Z",
			"updated_at": "2026-04-10T02:00:04.865146Z",
			"deleted_at": null,
			"main_name": "RATicate",
			"aliases": [],
			"source_name": "ETDA:RATicate",
			"tools": [
				"AgenTesla",
				"Agent Tesla",
				"AgentTesla",
				"BetaBot",
				"BlackRAT",
				"BlackRemote",
				"Bladabindi",
				"CloudEyE",
				"ForeIT",
				"Formbook",
				"GuLoader",
				"Jorik",
				"Loki",
				"Loki.Rat",
				"LokiBot",
				"LokiPWS",
				"NSIS",
				"Negasteal",
				"NetWeird",
				"NetWire",
				"NetWire RAT",
				"NetWire RC",
				"NetWired RC",
				"Neurevt",
				"Nullsoft Scriptable Install System",
				"Origin Logger",
				"Recam",
				"Remcos",
				"RemcosRAT",
				"Remvio",
				"Socmer",
				"ZPAQ",
				"njRAT",
				"vbdropper",
				"win.xloader"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434452,
	"ts_updated_at": 1775791577,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8631352a98b07a72250f31c952b25167360c89b9.pdf",
		"text": "https://archive.orkl.eu/8631352a98b07a72250f31c952b25167360c89b9.txt",
		"img": "https://archive.orkl.eu/8631352a98b07a72250f31c952b25167360c89b9.jpg"
	}
}