{
	"id": "f60f05be-8667-4b79-a370-38207bf7d722",
	"created_at": "2026-04-06T00:07:55.335849Z",
	"updated_at": "2026-04-10T13:11:50.374158Z",
	"deleted_at": null,
	"sha1_hash": "acbacd38520f166964d143bb424a7caada907f1e",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 51191,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:14:12 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Kelihos\n Tool: Kelihos\nNames\nKelihos\nWaledac\nHlux\nCategory Malware\nType Botnet, Downloader\nDescription\n(CrowdStrike) For several years, pump-and-dump stock scams, dating ruses, credential\nphishing, money mule recruitment and rogue online pharmacy advertisements were the most\ncommon spam themes. In 2017, however, Kelihos was frequently used to spread other\nmalware such as Luminosity RAT, Zyklon HTTP, Neutrino, Nymaim, Gozi ISFB, Zeus Panda,\nKronos, and TrickBot. It was also observed spreading ransomware families including Shade,\nCerber, and FileCrypt2.\nInformation\nMalpedia\nLast change to this tool card: 16 May 2020\nDownload this tool card in JSON format\nAll groups using tool Kelihos\nChanged Name Country Observed\nOther groups\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=249447a1-e003-487a-a089-4d79aa1cde84\nPage 1 of 2\n\nZombie Spider 2010-Jun 2021\r\n1 group listed (0 APT, 1 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=249447a1-e003-487a-a089-4d79aa1cde84\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=249447a1-e003-487a-a089-4d79aa1cde84\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=249447a1-e003-487a-a089-4d79aa1cde84"
	],
	"report_names": [
		"listgroups.cgi?u=249447a1-e003-487a-a089-4d79aa1cde84"
	],
	"threat_actors": [
		{
			"id": "e312df00-4c6f-44c3-b717-4b72800c7697",
			"created_at": "2023-01-06T13:46:39.03345Z",
			"updated_at": "2026-04-10T02:00:03.190159Z",
			"deleted_at": null,
			"main_name": "ZOMBIE SPIDER",
			"aliases": [],
			"source_name": "MISPGALAXY:ZOMBIE SPIDER",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "3c3ca3f2-9a6a-463e-869c-e9bf02d398d7",
			"created_at": "2022-10-25T16:07:24.59432Z",
			"updated_at": "2026-04-10T02:00:05.047762Z",
			"deleted_at": null,
			"main_name": "Zombie Spider",
			"aliases": [],
			"source_name": "ETDA:Zombie Spider",
			"tools": [
				"Hlux",
				"Kelihos",
				"Waledac"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434075,
	"ts_updated_at": 1775826710,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/acbacd38520f166964d143bb424a7caada907f1e.pdf",
		"text": "https://archive.orkl.eu/acbacd38520f166964d143bb424a7caada907f1e.txt",
		"img": "https://archive.orkl.eu/acbacd38520f166964d143bb424a7caada907f1e.jpg"
	}
}