{
	"id": "da5a39f4-1067-4d5c-b500-0eb74b220418",
	"created_at": "2026-04-06T00:11:36.462866Z",
	"updated_at": "2026-04-10T03:34:24.172938Z",
	"deleted_at": null,
	"sha1_hash": "b0904cad7ba21445397906fe4d8fc9c7c02b390b",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 57333,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:03:07 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool BlackCat\n Tool: BlackCat\nNames\nBlackCat\nALPHV\nALPHVM\nNoberus\nCategory Malware\nType Ransomware, Big Game Hunting\nDescription\n(Palo Alto) The malware itself is coded in the Rust programming language. Though this\nis not the first piece of malware to use Rust, it is one of the first, if not the first, piece of\nransomware to use it. By leveraging this programming language, the malware authors\nare able to easily compile it against various operating system architectures. Given its\nnumerous native options, Rust is highly customizable, which facilitates the ability to\npivot and individualize attacks.\nInformation https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b7260119-d178-4d47-9a11-2d32c0d4cd9c\nPage 1 of 2\n\nMITRE ATT\u0026CK Malpedia\nPlaybook Last change to this tool card: 22 June 2023\nDownload this tool card in JSON format\nAll groups using tool BlackCat\nChanged Name Country Observed\nAPT groups\n ALPHV, BlackCat Gang [Unknown] 2021-Mar 2024\n FIN8 [Unknown] 2016-Dec 2022\n2 groups listed (2 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b7260119-d178-4d47-9a11-2d32c0d4cd9c\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b7260119-d178-4d47-9a11-2d32c0d4cd9c\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b7260119-d178-4d47-9a11-2d32c0d4cd9c"
	],
	"report_names": [
		"listgroups.cgi?u=b7260119-d178-4d47-9a11-2d32c0d4cd9c"
	],
	"threat_actors": [
		{
			"id": "3150bf4f-288a-44b8-ab48-0ced9b052a0c",
			"created_at": "2025-08-07T02:03:24.910023Z",
			"updated_at": "2026-04-10T02:00:03.713077Z",
			"deleted_at": null,
			"main_name": "GOLD HUXLEY",
			"aliases": [
				"CTG-6969 ",
				"FIN8 "
			],
			"source_name": "Secureworks:GOLD HUXLEY",
			"tools": [
				"Gozi ISFB",
				"Powersniff"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "5bdde906-0416-42ee-9100-5ebd95dda77a",
			"created_at": "2023-01-06T13:46:38.601977Z",
			"updated_at": "2026-04-10T02:00:03.035842Z",
			"deleted_at": null,
			"main_name": "FIN8",
			"aliases": [
				"ATK113",
				"G0061"
			],
			"source_name": "MISPGALAXY:FIN8",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b",
			"created_at": "2022-10-25T16:07:23.303713Z",
			"updated_at": "2026-04-10T02:00:04.530417Z",
			"deleted_at": null,
			"main_name": "ALPHV",
			"aliases": [
				"ALPHV",
				"ALPHVM",
				"Ambitious Scorpius",
				"BlackCat Gang",
				"UNC4466"
			],
			"source_name": "ETDA:ALPHV",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BlackCat",
				"GO Simple Tunnel",
				"GOST",
				"Impacket",
				"LaZagne",
				"MEGAsync",
				"Mimikatz",
				"Munchkin",
				"Noberus",
				"PsExec",
				"Remcom",
				"RemoteCommandExecution",
				"WebBrowserPassView"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "72d09c17-e33e-4c2f-95db-f204848cc797",
			"created_at": "2022-10-25T15:50:23.832551Z",
			"updated_at": "2026-04-10T02:00:05.336787Z",
			"deleted_at": null,
			"main_name": "FIN8",
			"aliases": [
				"FIN8",
				"Syssphinx"
			],
			"source_name": "MITRE:FIN8",
			"tools": [
				"BADHATCH",
				"PUNCHBUGGY",
				"Ragnar Locker",
				"PUNCHTRACK",
				"dsquery",
				"Nltest",
				"Sardonic",
				"PsExec",
				"Impacket"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "fc80a724-e567-457c-82bb-70147435e129",
			"created_at": "2022-10-25T16:07:23.624289Z",
			"updated_at": "2026-04-10T02:00:04.691643Z",
			"deleted_at": null,
			"main_name": "FIN8",
			"aliases": [
				"ATK 113",
				"G0061",
				"Storm-0288",
				"Syssphinx"
			],
			"source_name": "ETDA:FIN8",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BadHatch",
				"BlackCat",
				"Noberus",
				"PSVC",
				"PUNCHTRACK",
				"PoSlurp",
				"Powersniff",
				"PunchBuggy",
				"Ragnar Loader",
				"Ragnar Locker",
				"RagnarLocker",
				"Sardonic",
				"ShellTea"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434296,
	"ts_updated_at": 1775792064,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b0904cad7ba21445397906fe4d8fc9c7c02b390b.pdf",
		"text": "https://archive.orkl.eu/b0904cad7ba21445397906fe4d8fc9c7c02b390b.txt",
		"img": "https://archive.orkl.eu/b0904cad7ba21445397906fe4d8fc9c7c02b390b.jpg"
	}
}