{
	"id": "f1e8679c-ebc7-4878-bdf4-4007d30c30ad",
	"created_at": "2026-04-06T00:14:42.149957Z",
	"updated_at": "2026-04-10T03:23:18.096011Z",
	"deleted_at": null,
	"sha1_hash": "a64a59a956357b3c7b729fc833639fe23c41792c",
	"title": "Brave Prince - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48015,
	"plain_text": "Brave Prince - Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 12:59:08 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Brave Prince\n Tool: Brave Prince\nNames Brave Prince\nCategory Malware\nType Reconnaissance, Backdoor\nDescription\n(McAfee) Brave Prince is a Korean-language implant that contains similar code and\nbehavior to the Gold Dragon variants, specifically the system profiling and control\nserver communication mechanism. The malware gathers detailed logs about the victim’s\nconfiguration, contents of the hard drive, registry, scheduled tasks, running processes,\nand more. Brave Prince was first observed in the wild December 13, 2017, sending logs\nto the attacker via South Korea’s Daum email service. Later variants posted the data to a\nweb server via an HTTP post command, in the same way that Gold Dragon does.\nInformation\nMITRE ATT\u0026CK Last change to this tool card: 22 April 2020\nDownload this tool card in JSON format\nAll groups using tool Brave Prince\nChanged Name Country Observed\nAPT groups\n Hades 2017-Oct 2020\n1 group listed (1 APT, 0 other, 0 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=013caf25-e9ef-4511-8111-db7cdb7978c1\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=013caf25-e9ef-4511-8111-db7cdb7978c1\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=013caf25-e9ef-4511-8111-db7cdb7978c1\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=013caf25-e9ef-4511-8111-db7cdb7978c1"
	],
	"report_names": [
		"listgroups.cgi?u=013caf25-e9ef-4511-8111-db7cdb7978c1"
	],
	"threat_actors": [
		{
			"id": "8670f370-1865-4264-9a1b-0dfe7617c329",
			"created_at": "2022-10-25T16:07:23.69953Z",
			"updated_at": "2026-04-10T02:00:04.716126Z",
			"deleted_at": null,
			"main_name": "Hades",
			"aliases": [
				"Operation TrickyMouse"
			],
			"source_name": "ETDA:Hades",
			"tools": [
				"Brave Prince",
				"Gold Dragon",
				"GoldDragon",
				"Lovexxx",
				"Olympic Destroyer",
				"Running RAT",
				"RunningRAT",
				"SOURGRAPE",
				"running_rat"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434482,
	"ts_updated_at": 1775791398,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a64a59a956357b3c7b729fc833639fe23c41792c.pdf",
		"text": "https://archive.orkl.eu/a64a59a956357b3c7b729fc833639fe23c41792c.txt",
		"img": "https://archive.orkl.eu/a64a59a956357b3c7b729fc833639fe23c41792c.jpg"
	}
}