{
	"id": "8b5e9286-38f3-45ad-9c64-9acddcda44f3",
	"created_at": "2026-04-06T03:35:39.67934Z",
	"updated_at": "2026-04-10T03:24:56.406593Z",
	"deleted_at": null,
	"sha1_hash": "aad55181518f5f06da9eb9e86aa36240d99b631c",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46395,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 03:19:44 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Pyark\n Tool: Pyark\nNames Pyark\nCategory Malware\nType Backdoor, Info stealer, Exfiltration\nDescription\n(Qihoo 360) The APT-C-43 organization is good at launching attacks using phishing\nemails, and deploys the backdoor program Pyark (Machete) written in python after\ninvading the victim’s machine. The network communication mainly relies on FTP and\nHTTP protocols. After successfully infiltrating the target machine, APT-C-43\norganization monitors the target users, steal sensitive data, etc.\nInformation\nMITRE ATT\u0026CK Malpedia Last change to this tool card: 06 September 2023\nDownload this tool card in JSON format\nAll groups using tool Pyark\nChanged Name Country Observed\nAPT groups\n El Machete [Unknown] 2010-Mar 2022\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dba4597a-ac1c-4d1d-bbe1-647e44e57aec\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dba4597a-ac1c-4d1d-bbe1-647e44e57aec\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dba4597a-ac1c-4d1d-bbe1-647e44e57aec"
	],
	"report_names": [
		"listgroups.cgi?u=dba4597a-ac1c-4d1d-bbe1-647e44e57aec"
	],
	"threat_actors": [
		{
			"id": "d303c77e-0110-471b-a3a6-37fce9ac848d",
			"created_at": "2022-10-25T15:50:23.342452Z",
			"updated_at": "2026-04-10T02:00:05.373848Z",
			"deleted_at": null,
			"main_name": "Machete",
			"aliases": [
				"APT-C-43",
				"El Machete"
			],
			"source_name": "MITRE:Machete",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "ba4f277c-c3da-45e6-a2fb-4ed556dbae64",
			"created_at": "2023-01-06T13:46:38.605117Z",
			"updated_at": "2026-04-10T02:00:03.03665Z",
			"deleted_at": null,
			"main_name": "El Machete",
			"aliases": [
				"G0095",
				"machete-apt",
				"APT-C-43"
			],
			"source_name": "MISPGALAXY:El Machete",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "edc11896-f4f1-4132-9c38-d073ccdcf5b6",
			"created_at": "2022-10-25T16:07:23.576476Z",
			"updated_at": "2026-04-10T02:00:04.674784Z",
			"deleted_at": null,
			"main_name": "El Machete",
			"aliases": [
				"APT-C-43",
				"ATK 97",
				"G0095",
				"Operation HpReact",
				"TAG-NS1",
				"TEMP.Andromeda"
			],
			"source_name": "ETDA:El Machete",
			"tools": [
				"El Machete",
				"ForeIT",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Loki",
				"Loki.Rat",
				"LokiBot",
				"LokiPWS",
				"Pyark"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775446539,
	"ts_updated_at": 1775791496,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/aad55181518f5f06da9eb9e86aa36240d99b631c.pdf",
		"text": "https://archive.orkl.eu/aad55181518f5f06da9eb9e86aa36240d99b631c.txt",
		"img": "https://archive.orkl.eu/aad55181518f5f06da9eb9e86aa36240d99b631c.jpg"
	}
}