{ "id": "76f4ca6b-01f1-445e-afc1-31ca45771842", "created_at": "2026-04-06T00:14:51.165262Z", "updated_at": "2026-04-10T03:28:24.284265Z", "deleted_at": null, "sha1_hash": "87b4173beca92b2dbe23feecbdd34e99a261be61", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 50332, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 16:25:29 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Kerberods\n Tool: Kerberods\nNames Kerberods\nCategory Malware\nType Dropper, Worm\nDescription\n(Trend Micro) Kerberods is responsible for dropping the cryptocurrency miner\n(khugepageds, detected as Coinminer.Linux.MALXMR.UWEJI) and its rootkit\ncomponent.\nOne particularly interesting aspect of the binary is the way it drops the rootkit.\nKerberods also has multiple ways of propagating itself, spreading via SSH and exploiting\nCVE-2019-1003001 and CVE-2019-1003000.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 24 April 2021\nDownload this tool card in JSON format\nAll groups using tool Kerberods\nChanged Name Country Observed\nOther groups\n Rocke, Iron Group 2018-Apr 2021\n1 group listed (0 APT, 1 other, 0 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b2f59574-e769-4655-8b30-28e7c608bf41\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b2f59574-e769-4655-8b30-28e7c608bf41\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b2f59574-e769-4655-8b30-28e7c608bf41\r\nPage 2 of 2\n\nOther groups Rocke, Iron Group 2018-Apr 2021 \n1 group listed (0 APT, 1 other, 0 unknown) \n Page 1 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b2f59574-e769-4655-8b30-28e7c608bf41" ], "report_names": [ "listgroups.cgi?u=b2f59574-e769-4655-8b30-28e7c608bf41" ], "threat_actors": [ { "id": "7c053836-8f50-4d40-bc5c-7088967e1b57", "created_at": "2022-10-25T16:07:24.549525Z", "updated_at": "2026-04-10T02:00:05.03048Z", "deleted_at": null, "main_name": "Rocke", "aliases": [ "Aged Libra", "G0106", "Iron Group", "Rocke" ], "source_name": "ETDA:Rocke", "tools": [ "Godlua", "Kerberods", "LSD", "Pro-Ocean", "Xbash" ], "source_id": "ETDA", "reports": null }, { "id": "5b9d2809-47b7-46a8-ab2d-9687537f1bc7", "created_at": "2023-01-06T13:46:38.804869Z", "updated_at": "2026-04-10T02:00:03.107112Z", "deleted_at": null, "main_name": "Iron Group", "aliases": [ "Iron Cyber Group" ], "source_name": "MISPGALAXY:Iron Group", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "905eabd9-2b7f-483d-86bd-0c72f96b4162", "created_at": "2023-01-06T13:46:39.02749Z", "updated_at": "2026-04-10T02:00:03.185957Z", "deleted_at": null, "main_name": "Rocke", "aliases": [ "Aged Libra" ], "source_name": "MISPGALAXY:Rocke", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "0b02af5f-2027-42b7-a6f2-51e2fd49ba7f", "created_at": "2022-10-25T15:50:23.360509Z", "updated_at": "2026-04-10T02:00:05.337702Z", "deleted_at": null, "main_name": "Rocke", "aliases": [ "Rocke" ], "source_name": "MITRE:Rocke", "tools": null, "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434491, "ts_updated_at": 1775791704, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/87b4173beca92b2dbe23feecbdd34e99a261be61.pdf", "text": "https://archive.orkl.eu/87b4173beca92b2dbe23feecbdd34e99a261be61.txt", "img": "https://archive.orkl.eu/87b4173beca92b2dbe23feecbdd34e99a261be61.jpg" } }