{
	"id": "0045fb50-f0af-40f2-b519-d0e11e97759e",
	"created_at": "2026-04-06T00:19:26.46902Z",
	"updated_at": "2026-04-10T03:35:16.913658Z",
	"deleted_at": null,
	"sha1_hash": "8a58833c4ecaff21c31c2e01520ed2f4f80b0715",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 54081,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:08:24 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool PuTTY\n Tool: PuTTY\nNames PuTTY\nCategory Tools\nDescription\nPuTTY is an SSH and telnet client, developed originally by Simon Tatham for the\nWindows platform. PuTTY is open source software that is available with source code and\nis developed and supported by a group of volunteers.\nInformation AlienVault OTX Last change to this tool card: 20 April 2020\nDownload this tool card in JSON format\nAll groups using tool PuTTY\nChanged Name Country Observed\nAPT groups\n GCMAN 2016\n Parisite, Fox Kitten, Pioneer Kitten 2017-Nov 2020\n2 groups listed (2 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c3924c4d-e5e7-4493-802c-1f384e817cbe\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c3924c4d-e5e7-4493-802c-1f384e817cbe\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c3924c4d-e5e7-4493-802c-1f384e817cbe"
	],
	"report_names": [
		"listgroups.cgi?u=c3924c4d-e5e7-4493-802c-1f384e817cbe"
	],
	"threat_actors": [
		{
			"id": "3b185161-668f-4cac-b930-9482f9706848",
			"created_at": "2022-10-25T16:07:23.670892Z",
			"updated_at": "2026-04-10T02:00:04.706866Z",
			"deleted_at": null,
			"main_name": "GCMAN",
			"aliases": [
				"G0036"
			],
			"source_name": "ETDA:GCMAN",
			"tools": [
				"GCMAN",
				"Meterpreter",
				"VNC",
				"Virtual Network Computing"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "1e408839-27ce-4f52-b7c6-d0a700e54027",
			"created_at": "2023-01-06T13:46:38.479274Z",
			"updated_at": "2026-04-10T02:00:02.991414Z",
			"deleted_at": null,
			"main_name": "GCMAN",
			"aliases": [
				"G0036"
			],
			"source_name": "MISPGALAXY:GCMAN",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2c348851-5036-406b-b2d1-1ca47cfc7523",
			"created_at": "2022-10-25T16:07:24.039861Z",
			"updated_at": "2026-04-10T02:00:04.847961Z",
			"deleted_at": null,
			"main_name": "Parisite",
			"aliases": [
				"Cobalt Foxglove",
				"Fox Kitten",
				"G0117",
				"Lemon Sandstorm",
				"Parisite",
				"Pioneer Kitten",
				"Rubidium",
				"UNC757"
			],
			"source_name": "ETDA:Parisite",
			"tools": [
				"Cobalt",
				"FRP",
				"Fast Reverse Proxy",
				"Invoke the Hash",
				"JuicyPotato",
				"Ngrok",
				"POWSSHNET",
				"Pay2Key",
				"Plink",
				"Port.exe",
				"PuTTY Link",
				"SSHMinion",
				"STSRCheck",
				"Serveo"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "6e3ba400-aee3-4ef3-8fbc-ec07fdbee46c",
			"created_at": "2025-08-07T02:03:24.731268Z",
			"updated_at": "2026-04-10T02:00:03.651425Z",
			"deleted_at": null,
			"main_name": "COBALT FOXGLOVE",
			"aliases": [
				"Fox Kitten ",
				"Lemon Sandstorm ",
				"Parisite ",
				"Pioneer Kitten ",
				"RUBIDIUM ",
				"UNC757 "
			],
			"source_name": "Secureworks:COBALT FOXGLOVE",
			"tools": [
				"Chisel",
				"FRP (Fast Reverse Proxy)",
				"Mimikatz",
				"Ngrok",
				"POWSSHNET",
				"STSRCheck",
				"Servo",
				"n3tw0rm ransomware",
				"pay2key ransomware"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "871acc40-6cbf-4c81-8b40-7f783616afbc",
			"created_at": "2023-01-06T13:46:39.156237Z",
			"updated_at": "2026-04-10T02:00:03.232876Z",
			"deleted_at": null,
			"main_name": "Fox Kitten",
			"aliases": [
				"UNC757",
				"Lemon Sandstorm",
				"RUBIDIUM",
				"PIONEER KITTEN",
				"PARISITE"
			],
			"source_name": "MISPGALAXY:Fox Kitten",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d070e12b-e1ce-4d8d-b5e3-bc71960cc0cb",
			"created_at": "2022-10-25T15:50:23.676504Z",
			"updated_at": "2026-04-10T02:00:05.260839Z",
			"deleted_at": null,
			"main_name": "Fox Kitten",
			"aliases": [
				"Fox Kitten",
				"UNC757",
				"Parisite",
				"Pioneer Kitten",
				"RUBIDIUM",
				"Lemon Sandstorm"
			],
			"source_name": "MITRE:Fox Kitten",
			"tools": [
				"China Chopper",
				"Pay2Key",
				"ngrok",
				"PsExec"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "fc11deee-6db4-46a9-a3d5-c02bb960cc51",
			"created_at": "2022-10-25T15:50:23.277991Z",
			"updated_at": "2026-04-10T02:00:05.400194Z",
			"deleted_at": null,
			"main_name": "GCMAN",
			"aliases": [
				"GCMAN"
			],
			"source_name": "MITRE:GCMAN",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434766,
	"ts_updated_at": 1775792116,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8a58833c4ecaff21c31c2e01520ed2f4f80b0715.pdf",
		"text": "https://archive.orkl.eu/8a58833c4ecaff21c31c2e01520ed2f4f80b0715.txt",
		"img": "https://archive.orkl.eu/8a58833c4ecaff21c31c2e01520ed2f4f80b0715.jpg"
	}
}