{
	"id": "32e66c96-febf-4557-b9af-48bd4a39c43f",
	"created_at": "2026-04-06T00:11:35.085536Z",
	"updated_at": "2026-04-10T13:12:06.571407Z",
	"deleted_at": null,
	"sha1_hash": "95274eb1a89673c9b732b546c3642e1e262d181a",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47992,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:17:26 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool ShimRAT\n Tool: ShimRAT\nNames\nShimRAT\nShim RAT\nCategory Malware\nType Backdoor, Info stealer, Exfiltration\nDescription\n(Fox-IT) ShimRat is a custom-developed piece of malware known as a ‘RAT’, Remote\nAdministration Tool. It has, among others, standard capabilities for filesystem\ninteraction. The malware was originally built in 2012 and its features were expanded\nover the years. The artifacts left in the first samples are a good indicator that the project\nwas started in 2012. Multiple PDB paths were seen in the early versions of ShimRat.\nThese PDB paths are not visible in the latest versions of ShimRat, due to how the\nsamples are prepared. The PDB paths are either stripped or filled with different paths.\nInformation\nMITRE ATT\u0026CK Malpedia Last change to this tool card: 30 December 2022\nDownload this tool card in JSON format\nAll groups using tool ShimRAT\nChanged Name Country Observed\nAPT groups\n Whitefly, Mofang [Unknown] 2012-Jul 2018\n1 group listed (1 APT, 0 other, 0 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aac889bc-4215-404b-afa4-343364ff8cd4\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aac889bc-4215-404b-afa4-343364ff8cd4\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aac889bc-4215-404b-afa4-343364ff8cd4\r\nPage 2 of 2\n\nAPT groups Whitefly, Mofang [Unknown] 2012-Jul 2018\n1 group listed (1 APT, 0 other, 0 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=aac889bc-4215-404b-afa4-343364ff8cd4"
	],
	"report_names": [
		"listgroups.cgi?u=aac889bc-4215-404b-afa4-343364ff8cd4"
	],
	"threat_actors": [
		{
			"id": "ad5c6ff2-0646-4b29-88bb-d88c75e4866d",
			"created_at": "2022-10-25T15:50:23.662882Z",
			"updated_at": "2026-04-10T02:00:05.385067Z",
			"deleted_at": null,
			"main_name": "Whitefly",
			"aliases": [
				"Whitefly"
			],
			"source_name": "MITRE:Whitefly",
			"tools": [
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "cd9f8d91-c55c-4086-a1a0-23e78d194d46",
			"created_at": "2023-01-06T13:46:38.943454Z",
			"updated_at": "2026-04-10T02:00:03.153969Z",
			"deleted_at": null,
			"main_name": "Whitefly",
			"aliases": [],
			"source_name": "MISPGALAXY:Whitefly",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a2939cf7-76f8-4080-9ba1-42ccb4016b3b",
			"created_at": "2022-10-25T15:50:23.53328Z",
			"updated_at": "2026-04-10T02:00:05.372938Z",
			"deleted_at": null,
			"main_name": "Mofang",
			"aliases": [
				"Mofang"
			],
			"source_name": "MITRE:Mofang",
			"tools": [
				"ShimRatReporter",
				"ShimRat"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "db318f04-09e6-4c57-b0e9-3f71f0b2de94",
			"created_at": "2023-01-06T13:46:38.648954Z",
			"updated_at": "2026-04-10T02:00:03.054266Z",
			"deleted_at": null,
			"main_name": "Mofang",
			"aliases": [
				"BRONZE WALKER"
			],
			"source_name": "MISPGALAXY:Mofang",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "df9bfbf1-bb9d-492f-b381-95b9e1482267",
			"created_at": "2022-10-25T16:07:24.394491Z",
			"updated_at": "2026-04-10T02:00:04.973663Z",
			"deleted_at": null,
			"main_name": "Whitefly",
			"aliases": [
				"ATK 83",
				"Bronze Walker",
				"G0103",
				"G0107",
				"Mofang",
				"SectorM04",
				"TEMP.Mimic"
			],
			"source_name": "ETDA:Whitefly",
			"tools": [
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Mimikatz",
				"Nibatad",
				"Shim RAT",
				"ShimRAT",
				"Vcrodat"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "728d2c2c-c4af-4cdc-8723-5d3aa97924a8",
			"created_at": "2024-05-01T02:03:08.002557Z",
			"updated_at": "2026-04-10T02:00:03.669852Z",
			"deleted_at": null,
			"main_name": "BRONZE WALKER",
			"aliases": [
				"CTG-2810 ",
				"Mofang "
			],
			"source_name": "Secureworks:BRONZE WALKER",
			"tools": [
				"ShimRat",
				"Superman"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434295,
	"ts_updated_at": 1775826726,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/95274eb1a89673c9b732b546c3642e1e262d181a.pdf",
		"text": "https://archive.orkl.eu/95274eb1a89673c9b732b546c3642e1e262d181a.txt",
		"img": "https://archive.orkl.eu/95274eb1a89673c9b732b546c3642e1e262d181a.jpg"
	}
}