{
	"id": "8da70d1d-7541-47f6-96ad-0d370217a305",
	"created_at": "2026-04-06T00:08:54.565815Z",
	"updated_at": "2026-04-10T13:11:34.438176Z",
	"deleted_at": null,
	"sha1_hash": "b36c9f9e76656a2e87ab7dfb1a6bb0d854f77c28",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 64960,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:45:32 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Bandook\n Tool: Bandook\nNames\nBandook\nBandok\nCategory Tools\nType Backdoor\nDescription\nBandook is a commercially available RAT, written in Delphi, which has been available\nsince roughly 2007.\nInformation\nMITRE ATT\u0026CK Malpedia AlienVault OTX Last change to this tool card: 16 January 2024\nDownload this tool card in JSON format\nAll groups using tool Bandook\nChanged Name Country Observed\nAPT groups\n Dark Caracal 2007-Jun 2024\n Operation Bandidos [Unknown] 2021\n Operation Manul 2015\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2dd98bbc-2ce7-4c49-ac87-3eededb8a713\nPage 1 of 2\n\n3 groups listed (3 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2dd98bbc-2ce7-4c49-ac87-3eededb8a713\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2dd98bbc-2ce7-4c49-ac87-3eededb8a713\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2dd98bbc-2ce7-4c49-ac87-3eededb8a713"
	],
	"report_names": [
		"listgroups.cgi?u=2dd98bbc-2ce7-4c49-ac87-3eededb8a713"
	],
	"threat_actors": [
		{
			"id": "d4347dfe-2489-4fe4-8097-f4be33aadac2",
			"created_at": "2022-10-25T16:07:23.973289Z",
			"updated_at": "2026-04-10T02:00:04.815324Z",
			"deleted_at": null,
			"main_name": "Operation Manul",
			"aliases": [],
			"source_name": "ETDA:Operation Manul",
			"tools": [
				"Bandok",
				"Bandook",
				"JRat",
				"Jacksbot"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "bbf66d2d-3d20-4026-a2b5-56b31eb65de4",
			"created_at": "2025-08-07T02:03:25.123407Z",
			"updated_at": "2026-04-10T02:00:03.668131Z",
			"deleted_at": null,
			"main_name": "ZINC EMERSON",
			"aliases": [
				"Confucius ",
				"Dropping Elephant ",
				"EHDevel ",
				"Manul ",
				"Monsoon ",
				"Operation Hangover ",
				"Patchwork ",
				"TG-4410 ",
				"Viceroy Tiger "
			],
			"source_name": "Secureworks:ZINC EMERSON",
			"tools": [
				"Enlighten Infostealer",
				"Hanove",
				"Mac OS X KitM Spyware",
				"Proyecto2",
				"YTY Backdoor"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "8de10e16-817c-4907-bd98-b64cf4a3e77b",
			"created_at": "2022-10-25T15:50:23.552766Z",
			"updated_at": "2026-04-10T02:00:05.362919Z",
			"deleted_at": null,
			"main_name": "Dark Caracal",
			"aliases": [
				"Dark Caracal"
			],
			"source_name": "MITRE:Dark Caracal",
			"tools": [
				"FinFisher",
				"CrossRAT",
				"Bandook"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "4ea20013-ce3f-4f94-b41d-1be5d44cc9ec",
			"created_at": "2022-10-25T16:07:23.931522Z",
			"updated_at": "2026-04-10T02:00:04.794118Z",
			"deleted_at": null,
			"main_name": "Operation Bandidos",
			"aliases": [],
			"source_name": "ETDA:Operation Bandidos",
			"tools": [
				"Bandok",
				"Bandook"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "4a62c0be-1583-4d82-8f91-46e3a1c114e6",
			"created_at": "2023-01-06T13:46:38.73639Z",
			"updated_at": "2026-04-10T02:00:03.083265Z",
			"deleted_at": null,
			"main_name": "Dark Caracal",
			"aliases": [
				"G0070"
			],
			"source_name": "MISPGALAXY:Dark Caracal",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "af704c54-a580-4c29-95f2-82db06fbb6f9",
			"created_at": "2022-10-25T16:07:23.525064Z",
			"updated_at": "2026-04-10T02:00:04.64019Z",
			"deleted_at": null,
			"main_name": "Dark Caracal",
			"aliases": [
				"ATK 27",
				"G0070",
				"Operation Dark Caracal",
				"TAG-CT3"
			],
			"source_name": "ETDA:Dark Caracal",
			"tools": [
				"Bandok",
				"Bandook",
				"CrossRAT",
				"FinFisher",
				"FinFisher RAT",
				"FinSpy",
				"Pallas",
				"Trupto"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434134,
	"ts_updated_at": 1775826694,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b36c9f9e76656a2e87ab7dfb1a6bb0d854f77c28.pdf",
		"text": "https://archive.orkl.eu/b36c9f9e76656a2e87ab7dfb1a6bb0d854f77c28.txt",
		"img": "https://archive.orkl.eu/b36c9f9e76656a2e87ab7dfb1a6bb0d854f77c28.jpg"
	}
}