{ "id": "b09801ec-56d5-4119-b55f-97f9af4dcd25", "created_at": "2026-04-06T00:21:04.652935Z", "updated_at": "2026-04-10T03:31:09.663454Z", "deleted_at": null, "sha1_hash": "b3550d0ce3a86d9895d92567a4ef6854c97c8a50", "title": "Advanced Port Scanner - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 43206, "plain_text": "Advanced Port Scanner - Threat Group Cards: A Threat Actor\nEncyclopedia\nArchived: 2026-04-05 23:22:12 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Advanced Port Scanner\n Tool: Advanced Port Scanner\nNames Advanced Port Scanner\nCategory Tools\nType Reconnaissance\nDescription\nAdvanced Port Scanner is a free network scanner allowing you to quickly find open ports on\nnetwork computers and retrieve versions of programs running on the detected ports. The\nprogram has a user-friendly interface and rich functionality.\nInformation Last change to this tool card: 16 June 2021\nDownload this tool card in JSON format\nAll groups using tool Advanced Port Scanner\nChanged Name Country Observed\nAPT groups\n Indrik Spider 2007-Oct 2024\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a239be09-c828-43bd-bbc0-9ac8db7935bc\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a239be09-c828-43bd-bbc0-9ac8db7935bc\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a239be09-c828-43bd-bbc0-9ac8db7935bc" ], "report_names": [ "listgroups.cgi?u=a239be09-c828-43bd-bbc0-9ac8db7935bc" ], "threat_actors": [ { "id": "50068c14-343c-4491-b568-df41dd59551c", "created_at": "2022-10-25T15:50:23.253218Z", "updated_at": "2026-04-10T02:00:05.234464Z", "deleted_at": null, "main_name": "Indrik Spider", "aliases": [ "Indrik Spider", "Evil Corp", "Manatee Tempest", "DEV-0243", "UNC2165" ], "source_name": "MITRE:Indrik Spider", "tools": [ "Mimikatz", "PsExec", "Dridex", "WastedLocker", "BitPaymer", "Cobalt Strike" ], "source_id": "MITRE", "reports": null }, { "id": "b296f34c-c424-41da-98bf-90312a5df8ef", "created_at": "2024-06-19T02:03:08.027585Z", "updated_at": "2026-04-10T02:00:03.621193Z", "deleted_at": null, "main_name": "GOLD DRAKE", "aliases": [ "Evil Corp", "Indrik Spider ", "Manatee Tempest " ], "source_name": "Secureworks:GOLD DRAKE", "tools": [ "BitPaymer", "Cobalt Strike", "Covenant", "Donut", "Dridex", "Hades", "Koadic", "LockBit", "Macaw Locker", "Mimikatz", "Payload.Bin", "Phoenix CryptoLocker", "PowerShell Empire", "PowerSploit", "SocGholish", "WastedLocker" ], "source_id": "Secureworks", "reports": null }, { "id": "d706edf6-cb86-4611-99e1-4b464e9dc5b9", "created_at": "2023-01-06T13:46:38.839083Z", "updated_at": "2026-04-10T02:00:03.117987Z", "deleted_at": null, "main_name": "INDRIK SPIDER", "aliases": [ "Manatee Tempest" ], "source_name": "MISPGALAXY:INDRIK SPIDER", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "9806f226-935f-48eb-b138-6616c9bb9d69", "created_at": "2022-10-25T16:07:23.73153Z", "updated_at": "2026-04-10T02:00:04.729977Z", "deleted_at": null, "main_name": "Indrik Spider", "aliases": [ "Blue Lelantos", "DEV-0243", "Evil Corp", "G0119", "Gold Drake", "Gold Winter", "Manatee Tempest", "Mustard Tempest", "UNC2165" ], "source_name": "ETDA:Indrik Spider", "tools": [ "Advanced Port Scanner", "Agentemis", "Babuk", "Babuk Locker", "Babyk", "BitPaymer", "Bugat", "Bugat v5", "Cobalt Strike", "CobaltStrike", "Cridex", "Dridex", "EmPyre", "EmpireProject", "FAKEUPDATES", "FakeUpdate", "Feodo", "FriedEx", "Hades", "IEncrypt", "LINK_MSIEXEC", "MEGAsync", "Macaw Locker", "Metasploit", "Mimikatz", "PayloadBIN", "Phoenix Locker", "PowerShell Empire", "PowerSploit", "PsExec", "QNAP-Worm", "Raspberry Robin", "RaspberryRobin", "SocGholish", "Vasa Locker", "WastedLoader", "WastedLocker", "cobeacon", "wp_encrypt" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434864, "ts_updated_at": 1775791869, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/b3550d0ce3a86d9895d92567a4ef6854c97c8a50.pdf", "text": "https://archive.orkl.eu/b3550d0ce3a86d9895d92567a4ef6854c97c8a50.txt", "img": "https://archive.orkl.eu/b3550d0ce3a86d9895d92567a4ef6854c97c8a50.jpg" } }