{
	"id": "0f8ce0b1-3dcc-4e85-b8ac-e29c8ddcf936",
	"created_at": "2026-04-06T00:15:01.293041Z",
	"updated_at": "2026-04-10T03:29:28.474828Z",
	"deleted_at": null,
	"sha1_hash": "876b8f86bf413fc2b38b9f87aa3f3ccbe2180010",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49797,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 20:11:00 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool StrongPity3\r\n Tool: StrongPity3\r\nNames StrongPity3\r\nCategory Malware\r\nType Backdoor, Info stealer, Exfiltration\r\nDescription\r\n(Talos) StrongPity3 is the evolution of StrongPity2, with a few differences. StrongPity3 does not\r\nuse libcurl anymore and now uses winhttp to perform all requests to C2. The usage of the\r\nHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run registry key as a persistence\r\nmechanism has been replaced by the creation of a service. This service changes its name\r\nfrom package to package. The service executable's only job is to launch the C2 contact module\r\nupon service startup. The remaining malware flow is the same on both versions.\r\nInformation \u003chttps://blog.talosintelligence.com/2020/06/promethium-extends-with-strongpity3.html\u003e\r\nLast change to this tool card: 01 July 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool StrongPity3\r\nChanged Name Country Observed\r\nAPT groups\r\n  Promethium, StrongPity 2012-Nov 2021  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8fa25345-1e8e-47d1-a86f-8c58be2b14b2\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8fa25345-1e8e-47d1-a86f-8c58be2b14b2\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8fa25345-1e8e-47d1-a86f-8c58be2b14b2"
	],
	"report_names": [
		"listgroups.cgi?u=8fa25345-1e8e-47d1-a86f-8c58be2b14b2"
	],
	"threat_actors": [
		{
			"id": "67fbc7d7-ba8e-4258-b53c-9a5d755e1960",
			"created_at": "2022-10-25T16:07:24.077859Z",
			"updated_at": "2026-04-10T02:00:04.860725Z",
			"deleted_at": null,
			"main_name": "Promethium",
			"aliases": [
				"APT-C-41",
				"G0056",
				"Magenta Dust",
				"Promethium",
				"StrongPity"
			],
			"source_name": "ETDA:Promethium",
			"tools": [
				"StrongPity",
				"StrongPity2",
				"StrongPity3",
				"Truvasys"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "cbede712-4cc3-47c6-bf78-92fd9f1beac6",
			"created_at": "2022-10-25T15:50:23.777222Z",
			"updated_at": "2026-04-10T02:00:05.399303Z",
			"deleted_at": null,
			"main_name": "PROMETHIUM",
			"aliases": [
				"PROMETHIUM",
				"StrongPity"
			],
			"source_name": "MITRE:PROMETHIUM",
			"tools": [
				"Truvasys",
				"StrongPity"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "4660477f-333f-4a18-b49b-0b4d7c66d482",
			"created_at": "2023-01-06T13:46:38.511962Z",
			"updated_at": "2026-04-10T02:00:03.007466Z",
			"deleted_at": null,
			"main_name": "PROMETHIUM",
			"aliases": [
				"StrongPity",
				"G0056"
			],
			"source_name": "MISPGALAXY:PROMETHIUM",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434501,
	"ts_updated_at": 1775791768,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/876b8f86bf413fc2b38b9f87aa3f3ccbe2180010.pdf",
		"text": "https://archive.orkl.eu/876b8f86bf413fc2b38b9f87aa3f3ccbe2180010.txt",
		"img": "https://archive.orkl.eu/876b8f86bf413fc2b38b9f87aa3f3ccbe2180010.jpg"
	}
}