{
	"id": "887c9600-99b5-484f-b694-6ba4aab62adb",
	"created_at": "2026-04-06T00:14:01.049756Z",
	"updated_at": "2026-04-10T03:26:17.738619Z",
	"deleted_at": null,
	"sha1_hash": "b558a72e36f70a383a34ed5a901e216db26bd4c2",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44532,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 21:10:20 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool BlackRAT\r\n Tool: BlackRAT\r\nNames\r\nBlackRAT\r\nBlackRemote\r\nCategory Tools\r\nType Backdoor\r\nDescription\r\nthis my first full project using Java\r\nRemote Administrator Tool with a bunch of opretions to execute on the Target Device\r\nCompatible with Windows,Linux,MacOS ( Not Tested )\r\nInformation \u003chttps://github.com/blackhacker511/blackrat\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.blackremote\u003e\r\nAlienVault OTX \u003chttps://otx.alienvault.com/browse/pulses?q=tag:blackrat\u003e\r\nLast change to this tool card: 24 April 2021\r\nDownload this tool card in JSON format\r\nAll groups using tool BlackRAT\r\nChanged Name Country Observed\r\nAPT groups\r\n  RATicate [Unknown] 2019  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bcd493e5-4cee-48d5-a147-d49244841d68\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bcd493e5-4cee-48d5-a147-d49244841d68\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bcd493e5-4cee-48d5-a147-d49244841d68"
	],
	"report_names": [
		"listgroups.cgi?u=bcd493e5-4cee-48d5-a147-d49244841d68"
	],
	"threat_actors": [
		{
			"id": "0d07b30c-4393-4071-82fb-22f51f7749e0",
			"created_at": "2022-10-25T16:07:24.097096Z",
			"updated_at": "2026-04-10T02:00:04.865146Z",
			"deleted_at": null,
			"main_name": "RATicate",
			"aliases": [],
			"source_name": "ETDA:RATicate",
			"tools": [
				"AgenTesla",
				"Agent Tesla",
				"AgentTesla",
				"BetaBot",
				"BlackRAT",
				"BlackRemote",
				"Bladabindi",
				"CloudEyE",
				"ForeIT",
				"Formbook",
				"GuLoader",
				"Jorik",
				"Loki",
				"Loki.Rat",
				"LokiBot",
				"LokiPWS",
				"NSIS",
				"Negasteal",
				"NetWeird",
				"NetWire",
				"NetWire RAT",
				"NetWire RC",
				"NetWired RC",
				"Neurevt",
				"Nullsoft Scriptable Install System",
				"Origin Logger",
				"Recam",
				"Remcos",
				"RemcosRAT",
				"Remvio",
				"Socmer",
				"ZPAQ",
				"njRAT",
				"vbdropper",
				"win.xloader"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434441,
	"ts_updated_at": 1775791577,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b558a72e36f70a383a34ed5a901e216db26bd4c2.pdf",
		"text": "https://archive.orkl.eu/b558a72e36f70a383a34ed5a901e216db26bd4c2.txt",
		"img": "https://archive.orkl.eu/b558a72e36f70a383a34ed5a901e216db26bd4c2.jpg"
	}
}