{
	"id": "42f8c5aa-af77-4a47-a70f-a64c85abb7fd",
	"created_at": "2026-04-06T03:36:01.164239Z",
	"updated_at": "2026-04-10T03:36:07.834027Z",
	"deleted_at": null,
	"sha1_hash": "9801a38d90fd4fc57f43dcc351c414a0bee48a35",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 62515,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 03:31:24 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool SamSam\n Tool: SamSam\nNames\nSamSam\nSamas\nCategory Malware\nType Ransomware, Big Game Hunting\nDescription\n(US-CERT) After gaining access to a particular network, the SamSam actors escalate\nprivileges for administrator rights, drop malware onto the server, and run an executable\nfile, all without victims’ action or authorization. While many ransomware campaigns\nrely on a victim completing an action, such as opening an email or visiting a\ncompromised website, RDP allows cyber actors to infect victims with minimal\ndetection.\nInformation\nMITRE ATT\u0026CK Malpedia AlienVault OTX Last change to this tool card: 13 July 2020\nDownload this tool card in JSON format\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bd75f106-8065-4882-b343-73e924e16c99\nPage 1 of 2\n\nAll groups using tool SamSam\r\nChanged Name Country Observed\r\nAPT groups\r\n  Boss Spider, Gold Lowell 2015-Nov 2018\r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bd75f106-8065-4882-b343-73e924e16c99\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bd75f106-8065-4882-b343-73e924e16c99\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bd75f106-8065-4882-b343-73e924e16c99"
	],
	"report_names": [
		"listgroups.cgi?u=bd75f106-8065-4882-b343-73e924e16c99"
	],
	"threat_actors": [
		{
			"id": "4116df25-aff6-46ee-a5dd-926254a78e89",
			"created_at": "2023-01-06T13:46:38.894033Z",
			"updated_at": "2026-04-10T02:00:03.137353Z",
			"deleted_at": null,
			"main_name": "BOSS SPIDER",
			"aliases": [
				"GOLD LOWELL"
			],
			"source_name": "MISPGALAXY:BOSS SPIDER",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "1b20199b-07ae-42f1-ad22-bbe2dd471df8",
			"created_at": "2024-06-04T02:03:07.872554Z",
			"updated_at": "2026-04-10T02:00:03.613698Z",
			"deleted_at": null,
			"main_name": "GOLD LOWELL",
			"aliases": [
				"Boss Spider ",
				"CTG-0007 "
			],
			"source_name": "Secureworks:GOLD LOWELL",
			"tools": [
				"Samas"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "eb8697fd-882a-4323-9eb8-8e20222cfd91",
			"created_at": "2022-10-25T16:07:23.416834Z",
			"updated_at": "2026-04-10T02:00:04.589943Z",
			"deleted_at": null,
			"main_name": "Boss Spider",
			"aliases": [
				"Boss Spider",
				"CTG-0007",
				"Gold Lowell"
			],
			"source_name": "ETDA:Boss Spider",
			"tools": [
				"Mimikatz",
				"PsExec",
				"SDelete",
				"SamSam",
				"Samas"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775446561,
	"ts_updated_at": 1775792167,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9801a38d90fd4fc57f43dcc351c414a0bee48a35.pdf",
		"text": "https://archive.orkl.eu/9801a38d90fd4fc57f43dcc351c414a0bee48a35.txt",
		"img": "https://archive.orkl.eu/9801a38d90fd4fc57f43dcc351c414a0bee48a35.jpg"
	}
}