{
	"id": "aaf1b724-1a2f-46ed-aaf1-b988d104a12a",
	"created_at": "2026-04-06T00:16:25.145174Z",
	"updated_at": "2026-04-10T03:25:29.888917Z",
	"deleted_at": null,
	"sha1_hash": "99c51a28e11ddcf015937583ce8918732553de53",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 53066,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 15:32:40 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool PAExec\n Tool: PAExec\nNames PAExec\nCategory Tools\nType Remote command\nDescription\nMicrosoft's PsExec tool (originally by SysInternal's Mark Russinovich) is a favorite of system\nadministrators everywhere. It just has one tiny flaw: PsExec can not be redistributed.\nWe needed something that we could ship, and not finding a suitable replacement, decided to\nwrite our own.\nInformation Last change to this tool card: 02 November 2021\nDownload this tool card in JSON format\nAll groups using tool PAExec\nChanged Name Country Observed\nAPT groups\n MalKamak 2018\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4a0d961e-e354-46f3-97e7-50a10a7d7c09\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4a0d961e-e354-46f3-97e7-50a10a7d7c09\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=4a0d961e-e354-46f3-97e7-50a10a7d7c09"
	],
	"report_names": [
		"listgroups.cgi?u=4a0d961e-e354-46f3-97e7-50a10a7d7c09"
	],
	"threat_actors": [
		{
			"id": "8205484f-7cf2-4b43-b2de-c1a500ae310e",
			"created_at": "2022-10-25T16:07:23.861533Z",
			"updated_at": "2026-04-10T02:00:04.764666Z",
			"deleted_at": null,
			"main_name": "MalKamak",
			"aliases": [
				"Operation GhostShell"
			],
			"source_name": "ETDA:MalKamak",
			"tools": [
				"PAExec",
				"SafetyKatz",
				"ShellClient",
				"WinRAR"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "7261dbea-1283-4a30-8da6-c30ccfc25024",
			"created_at": "2023-11-30T02:00:07.289432Z",
			"updated_at": "2026-04-10T02:00:03.481506Z",
			"deleted_at": null,
			"main_name": "MalKamak",
			"aliases": [],
			"source_name": "MISPGALAXY:MalKamak",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434585,
	"ts_updated_at": 1775791529,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/99c51a28e11ddcf015937583ce8918732553de53.pdf",
		"text": "https://archive.orkl.eu/99c51a28e11ddcf015937583ce8918732553de53.txt",
		"img": "https://archive.orkl.eu/99c51a28e11ddcf015937583ce8918732553de53.jpg"
	}
}