{
	"id": "773b1e49-4878-4420-bd4c-eaeb8f15edc4",
	"created_at": "2026-04-06T01:31:24.356778Z",
	"updated_at": "2026-04-10T13:11:38.938908Z",
	"deleted_at": null,
	"sha1_hash": "a1216d13733fbba31df62d3fb50d619a05a46652",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47022,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 00:29:43 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Mimilite\n Tool: Mimilite\nNames Mimilite\nCategory Malware\nType Keylogger\nDescription\n(Palo Alto) Another tool used for gathering credentials and sensitive information is a\ncustomized version of the well-known Mimikatz tool that, according to references within the\nsample, the threat actor calls Mimilite.\nInformation Last change to this tool card: 19 June 2024\nDownload this tool card in JSON format\nAll groups using tool Mimilite\nChanged Name Country Observed\nAPT groups\n Operation Diplomatic Specter 2022\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1e6f9093-6741-48d6-8e85-097b2208bd16\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1e6f9093-6741-48d6-8e85-097b2208bd16\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=1e6f9093-6741-48d6-8e85-097b2208bd16"
	],
	"report_names": [
		"listgroups.cgi?u=1e6f9093-6741-48d6-8e85-097b2208bd16"
	],
	"threat_actors": [
		{
			"id": "cff2cedd-a198-4e79-ae67-19048084ae7f",
			"created_at": "2024-06-20T02:02:09.945126Z",
			"updated_at": "2026-04-10T02:00:04.79991Z",
			"deleted_at": null,
			"main_name": "Operation Diplomatic Specter",
			"aliases": [
				"CL-STA-0043",
				"TGR-STA-0043"
			],
			"source_name": "ETDA:Operation Diplomatic Specter",
			"tools": [
				"Agent Racoon",
				"Agent.dhwf",
				"AngryRebel",
				"CHINACHOPPER",
				"China Chopper",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"HTran",
				"HUC Packet Transmit Tool",
				"JuicyPotatoNG",
				"Kaba",
				"Korplug",
				"LadonGo",
				"Mimikatz",
				"Mimilite",
				"Moudour",
				"Mydoor",
				"NBTscan",
				"Ntospy",
				"PCRat",
				"PlugX",
				"RedDelta",
				"SharpEfsPotato",
				"SinoChopper",
				"Sogu",
				"SweetSpecter",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"TunnelSpecter",
				"Xamtrav",
				"Yasso",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439084,
	"ts_updated_at": 1775826698,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a1216d13733fbba31df62d3fb50d619a05a46652.pdf",
		"text": "https://archive.orkl.eu/a1216d13733fbba31df62d3fb50d619a05a46652.txt",
		"img": "https://archive.orkl.eu/a1216d13733fbba31df62d3fb50d619a05a46652.jpg"
	}
}