{
	"id": "6fbc9918-2581-4642-a0d8-7b394867347d",
	"created_at": "2026-04-06T00:09:52.808956Z",
	"updated_at": "2026-04-10T03:31:51.411372Z",
	"deleted_at": null,
	"sha1_hash": "a33f95d29d9fa54f6dfc747678ca9f465cd3b579",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47644,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 15:48:05 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool NCAT\r\n Tool: NCAT\r\nNames NCAT\r\nCategory Tools\r\nType Backdoor, Downloader, Exfiltration\r\nDescription\r\n(Mandiant) NCAT is a command-line networking utility that was written for the nmap Project\r\nto perform a wide-variety of security and administration tasks. While NCAT may be used for\r\nlegitimate purposes, threat actors may also use it to upload or download files, create backdoors\r\nor reverse shells, and tunnel traffic to evade network controls.\r\nInformation \u003chttps://www.mandiant.com/resources/blog/china-nexus-espionage-southeast-asia\u003e\r\nLast change to this tool card: 27 December 2022\r\nDownload this tool card in JSON format\r\nAll groups using tool NCAT\r\nChanged Name Country Observed\r\nAPT groups\r\n  UNC4191 2022  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=987fa6b4-47cb-40ce-9162-bae3c3781e7a\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=987fa6b4-47cb-40ce-9162-bae3c3781e7a\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=987fa6b4-47cb-40ce-9162-bae3c3781e7a"
	],
	"report_names": [
		"listgroups.cgi?u=987fa6b4-47cb-40ce-9162-bae3c3781e7a"
	],
	"threat_actors": [
		{
			"id": "d61cd7ed-6d16-491f-90a1-6323aae8f67f",
			"created_at": "2022-12-27T17:02:23.610663Z",
			"updated_at": "2026-04-10T02:00:04.9586Z",
			"deleted_at": null,
			"main_name": "UNC4191",
			"aliases": [],
			"source_name": "ETDA:UNC4191",
			"tools": [
				"BLUEHAZE",
				"DARKDEW",
				"HIUPAN",
				"MISTCLOAK",
				"NCAT"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b0f6e3c5-5424-463a-ada3-532ca52e5940",
			"created_at": "2023-11-17T02:00:07.60381Z",
			"updated_at": "2026-04-10T02:00:03.45747Z",
			"deleted_at": null,
			"main_name": "UNC4191",
			"aliases": [],
			"source_name": "MISPGALAXY:UNC4191",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434192,
	"ts_updated_at": 1775791911,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a33f95d29d9fa54f6dfc747678ca9f465cd3b579.pdf",
		"text": "https://archive.orkl.eu/a33f95d29d9fa54f6dfc747678ca9f465cd3b579.txt",
		"img": "https://archive.orkl.eu/a33f95d29d9fa54f6dfc747678ca9f465cd3b579.jpg"
	}
}