{
	"id": "0f672f59-2f6a-49ed-9b6d-1551eb2e3b60",
	"created_at": "2026-04-06T00:07:55.806177Z",
	"updated_at": "2026-04-10T03:30:43.124104Z",
	"deleted_at": null,
	"sha1_hash": "9cb4d8051aa8920a24c0447b96ec13e12fb4bf5e",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47131,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 19:15:20 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool NewCT2\r\n Tool: NewCT2\r\nNames NewCT2\r\nCategory Malware\r\nType Backdoor, Downloader\r\nDescription\r\n(FireEye) The implant has persistence mechanisms and contains functionality to perform\r\ncommand and control communication. This backdoor also has functionality to load additional\r\nplugins from the command and control server.\r\nInformation\r\n\u003chttps://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-operation-quantum-entanglement.pdf\u003e\r\nLast change to this tool card: 20 April 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool NewCT2\r\nChanged Name Country Observed\r\nAPT groups\r\n  Moafee 2014  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7defb084-1d68-4adf-b6fd-f9efb1bbfc8a\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7defb084-1d68-4adf-b6fd-f9efb1bbfc8a\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7defb084-1d68-4adf-b6fd-f9efb1bbfc8a"
	],
	"report_names": [
		"listgroups.cgi?u=7defb084-1d68-4adf-b6fd-f9efb1bbfc8a"
	],
	"threat_actors": [
		{
			"id": "d7226f71-df4a-405e-9252-f8c4108303ae",
			"created_at": "2022-10-25T15:50:23.325171Z",
			"updated_at": "2026-04-10T02:00:05.413071Z",
			"deleted_at": null,
			"main_name": "Moafee",
			"aliases": [
				"Moafee"
			],
			"source_name": "MITRE:Moafee",
			"tools": [
				"PoisonIvy"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "5ffe400c-6025-44c2-9aa1-7c34a7a192b0",
			"created_at": "2023-01-06T13:46:38.469688Z",
			"updated_at": "2026-04-10T02:00:02.987949Z",
			"deleted_at": null,
			"main_name": "DragonOK",
			"aliases": [
				"Moafee",
				"BRONZE OVERBROOK",
				"G0017",
				"G0002",
				"Shallow Taurus"
			],
			"source_name": "MISPGALAXY:DragonOK",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "c3c08eb0-cced-43ab-b126-fbe0c39a0698",
			"created_at": "2022-10-25T16:07:23.872885Z",
			"updated_at": "2026-04-10T02:00:04.767193Z",
			"deleted_at": null,
			"main_name": "Moafee",
			"aliases": [
				"G0002"
			],
			"source_name": "ETDA:Moafee",
			"tools": [
				"Chymine",
				"Darkmoon",
				"Gen:Trojan.Heur.PT",
				"HTran",
				"HUC Packet Transmit Tool",
				"Mongall",
				"NFlog",
				"NewCT2",
				"Poison Ivy",
				"SPIVY",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434075,
	"ts_updated_at": 1775791843,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9cb4d8051aa8920a24c0447b96ec13e12fb4bf5e.pdf",
		"text": "https://archive.orkl.eu/9cb4d8051aa8920a24c0447b96ec13e12fb4bf5e.txt",
		"img": "https://archive.orkl.eu/9cb4d8051aa8920a24c0447b96ec13e12fb4bf5e.jpg"
	}
}