Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-06 00:10:33 UTC
Home > List all groups > List all tools > List all groups using tool THINCRUST
 Tool: THINCRUST
Names THINCRUST
Category Malware
Type Backdoor
Description
(Mandiant) Mandiant’s analysis identified that upon initial connection to the FortiManager, the
threat actor appended python backdoor code to a legitimate web framework file. Mandiant
classified this new malware family as THINCRUST.
Information Last change to this tool card: 26 August 2024
Download this tool card in JSON format
All groups using tool THINCRUST
Changed Name Country Observed
APT groups
 UNC3886 2021-Early 2025
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3a8460fc-e6a6-4c9e-9372-446b1488ccac
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3a8460fc-e6a6-4c9e-9372-446b1488ccac
Page 1 of 1