{
	"id": "cfc90d71-add2-49b7-a206-5e24c0b9b912",
	"created_at": "2026-04-06T03:35:44.613062Z",
	"updated_at": "2026-04-10T03:26:21.82473Z",
	"deleted_at": null,
	"sha1_hash": "b8e80e2c239e7dea2cd9803295468f00919b0792",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 55215,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 02:51:26 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Chinoxy\n Tool: Chinoxy\nNames Chinoxy\nCategory Malware\nType Backdoor, Info stealer\nDescription\n(Bitdefender) In the context of the current attack, the Chinoxy backdoor was mainly\nused to execute ccf32.exe for data collection.\nInformation\nMITRE ATT\u0026CK Malpedia Last change to this tool card: 30 December 2022\nDownload this tool card in JSON format\nAll groups using tool Chinoxy\nChanged Name Country Observed\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=29d70c9e-995a-43f8-8ac6-c9c5c446fd6f\nPage 1 of 2\n\nAPT groups\r\n  FunnyDream 2018  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=29d70c9e-995a-43f8-8ac6-c9c5c446fd6f\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=29d70c9e-995a-43f8-8ac6-c9c5c446fd6f\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=29d70c9e-995a-43f8-8ac6-c9c5c446fd6f"
	],
	"report_names": [
		"listgroups.cgi?u=29d70c9e-995a-43f8-8ac6-c9c5c446fd6f"
	],
	"threat_actors": [
		{
			"id": "b98eb1ec-dc8b-4aea-b112-9e485408dd14",
			"created_at": "2022-10-25T16:07:23.649308Z",
			"updated_at": "2026-04-10T02:00:04.701157Z",
			"deleted_at": null,
			"main_name": "FunnyDream",
			"aliases": [
				"Bronze Edgewood",
				"Red Hariasa",
				"TAG-16"
			],
			"source_name": "ETDA:FunnyDream",
			"tools": [
				"Chinoxy",
				"Filepak",
				"FilepakMonitor",
				"FunnyDream",
				"Keyrecord",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Md_client",
				"PCShare",
				"ScreenCap",
				"TcpBridge",
				"Tcp_transfer",
				"ccf32"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775446544,
	"ts_updated_at": 1775791581,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b8e80e2c239e7dea2cd9803295468f00919b0792.pdf",
		"text": "https://archive.orkl.eu/b8e80e2c239e7dea2cd9803295468f00919b0792.txt",
		"img": "https://archive.orkl.eu/b8e80e2c239e7dea2cd9803295468f00919b0792.jpg"
	}
}