{
	"id": "c4400141-d4ce-46fd-ba22-17313677e544",
	"created_at": "2026-04-06T00:14:37.783345Z",
	"updated_at": "2026-04-10T03:34:17.340965Z",
	"deleted_at": null,
	"sha1_hash": "8d7832e297ba631bee69625caa9be0e413304c6c",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48370,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 14:54:21 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool SharpToken\n Tool: SharpToken\nNames SharpToken\nCategory Exploits\nDescription\n(SentinelLabs) a privilege escalation tool that enables the execution of Windows commands\nwith SYSTEM privileges. The tool also features enumerating user and process information,\nand adding, deleting, or changing the passwords of system users.\nInformation\nLast change to this tool card: 15 February 2023\nDownload this tool card in JSON format\nAll groups using tool SharpToken\nChanged Name Country Observed\nAPT groups\n DragonSpark 2022\n Operation Silent Skimmer [Unknown] 2022\n2 groups listed (2 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fe71f8f6-45b3-45fe-ae3b-35c40f827031\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fe71f8f6-45b3-45fe-ae3b-35c40f827031\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fe71f8f6-45b3-45fe-ae3b-35c40f827031"
	],
	"report_names": [
		"listgroups.cgi?u=fe71f8f6-45b3-45fe-ae3b-35c40f827031"
	],
	"threat_actors": [
		{
			"id": "ad98b6a9-78aa-4375-81c2-55ce04626812",
			"created_at": "2023-10-14T02:03:14.382189Z",
			"updated_at": "2026-04-10T02:00:04.836992Z",
			"deleted_at": null,
			"main_name": "Operation Silent Skimmer",
			"aliases": [],
			"source_name": "ETDA:Operation Silent Skimmer",
			"tools": [
				"Agentemis",
				"BadPotato",
				"Cobalt Strike",
				"CobaltStrike",
				"GodPotato",
				"Godzilla",
				"Godzilla Loader",
				"JuicyPotato",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"PowerShell RAT",
				"SharpToken",
				"SweetPotato",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "235831df-8daf-4a88-945e-db4e7ef06ac6",
			"created_at": "2023-11-17T02:00:07.606121Z",
			"updated_at": "2026-04-10T02:00:03.458263Z",
			"deleted_at": null,
			"main_name": "DragonSpark",
			"aliases": [],
			"source_name": "MISPGALAXY:DragonSpark",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "99aa0795-8936-45db-a397-6d01131fcdcd",
			"created_at": "2023-02-18T02:04:24.085379Z",
			"updated_at": "2026-04-10T02:00:04.654299Z",
			"deleted_at": null,
			"main_name": "DragonSpark",
			"aliases": [],
			"source_name": "ETDA:DragonSpark",
			"tools": [
				"BadPotato",
				"CHINACHOPPER",
				"China Chopper",
				"GotoHTTP",
				"SharpToken",
				"SinoChopper",
				"SparkRAT"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434477,
	"ts_updated_at": 1775792057,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8d7832e297ba631bee69625caa9be0e413304c6c.pdf",
		"text": "https://archive.orkl.eu/8d7832e297ba631bee69625caa9be0e413304c6c.txt",
		"img": "https://archive.orkl.eu/8d7832e297ba631bee69625caa9be0e413304c6c.jpg"
	}
}