{
	"id": "f0abc910-edb5-464e-8372-8c9a1ee6e2c0",
	"created_at": "2026-04-06T00:12:19.459804Z",
	"updated_at": "2026-04-10T13:12:26.98504Z",
	"deleted_at": null,
	"sha1_hash": "96460f759acd7581e11f31cca8a5102fbd9a0f4f",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 59774,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 18:33:39 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool JRat\n Tool: JRat\nNames\nJRat\nJacksbot\nCategory Malware\nType Backdoor\nDescription\n(Electronic Frontier Foundation) One of the common malware samples used over the course of\nOperation Manul is known as JRat or Jacksbot. JRat is a commercially available remote access\ntool (RAT), written in Java. JRat is currently available for purchase at jrat[.]io for the price of\n$40USD. JRat has been continuously developed for the last four years, seemingly by a single\ndeveloper who goes by the name “redp0ison”. While JRat itself is closed source, many\nmodules and helpful utilities are open source and are available on github.\nInformation\nMalpedia Last change to this tool card: 24 April 2021\nDownload this tool card in JSON format\nAll groups using tool JRat\nChanged Name Country Observed\nAPT groups\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c9a2dfe0-4dca-44f4-a310-08d7efe3e726\nPage 1 of 2\n\nOperation Manul 2015  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c9a2dfe0-4dca-44f4-a310-08d7efe3e726\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c9a2dfe0-4dca-44f4-a310-08d7efe3e726\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c9a2dfe0-4dca-44f4-a310-08d7efe3e726"
	],
	"report_names": [
		"listgroups.cgi?u=c9a2dfe0-4dca-44f4-a310-08d7efe3e726"
	],
	"threat_actors": [
		{
			"id": "d4347dfe-2489-4fe4-8097-f4be33aadac2",
			"created_at": "2022-10-25T16:07:23.973289Z",
			"updated_at": "2026-04-10T02:00:04.815324Z",
			"deleted_at": null,
			"main_name": "Operation Manul",
			"aliases": [],
			"source_name": "ETDA:Operation Manul",
			"tools": [
				"Bandok",
				"Bandook",
				"JRat",
				"Jacksbot"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "bbf66d2d-3d20-4026-a2b5-56b31eb65de4",
			"created_at": "2025-08-07T02:03:25.123407Z",
			"updated_at": "2026-04-10T02:00:03.668131Z",
			"deleted_at": null,
			"main_name": "ZINC EMERSON",
			"aliases": [
				"Confucius ",
				"Dropping Elephant ",
				"EHDevel ",
				"Manul ",
				"Monsoon ",
				"Operation Hangover ",
				"Patchwork ",
				"TG-4410 ",
				"Viceroy Tiger "
			],
			"source_name": "Secureworks:ZINC EMERSON",
			"tools": [
				"Enlighten Infostealer",
				"Hanove",
				"Mac OS X KitM Spyware",
				"Proyecto2",
				"YTY Backdoor"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434339,
	"ts_updated_at": 1775826746,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/96460f759acd7581e11f31cca8a5102fbd9a0f4f.pdf",
		"text": "https://archive.orkl.eu/96460f759acd7581e11f31cca8a5102fbd9a0f4f.txt",
		"img": "https://archive.orkl.eu/96460f759acd7581e11f31cca8a5102fbd9a0f4f.jpg"
	}
}