{
	"id": "49d7a1f3-a472-4b42-880e-50b4d02549f0",
	"created_at": "2026-04-06T00:08:59.479158Z",
	"updated_at": "2026-04-10T03:35:26.978358Z",
	"deleted_at": null,
	"sha1_hash": "b9a3cb8bfafcafa1d96147be3fa4b7d14f55c8e8",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48168,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 18:13:05 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool JuicyPotatoNG\n Tool: JuicyPotatoNG\nNames JuicyPotatoNG\nCategory Exploits\nType Backdoor\nDescription\nA local privilege escalation tool, from a Windows service account to NT\nAUTHORITY\\SYSTEM. It is based on RottenPotatoNG.\nInformation\nLast change to this tool card: 19 June 2024\nDownload this tool card in JSON format\nAll groups using tool JuicyPotatoNG\nChanged Name Country Observed\nAPT groups\n Operation Diplomatic Specter 2022\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8371435a-20f0-4bad-8c19-b36741f2fea8\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8371435a-20f0-4bad-8c19-b36741f2fea8\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8371435a-20f0-4bad-8c19-b36741f2fea8"
	],
	"report_names": [
		"listgroups.cgi?u=8371435a-20f0-4bad-8c19-b36741f2fea8"
	],
	"threat_actors": [
		{
			"id": "cff2cedd-a198-4e79-ae67-19048084ae7f",
			"created_at": "2024-06-20T02:02:09.945126Z",
			"updated_at": "2026-04-10T02:00:04.79991Z",
			"deleted_at": null,
			"main_name": "Operation Diplomatic Specter",
			"aliases": [
				"CL-STA-0043",
				"TGR-STA-0043"
			],
			"source_name": "ETDA:Operation Diplomatic Specter",
			"tools": [
				"Agent Racoon",
				"Agent.dhwf",
				"AngryRebel",
				"CHINACHOPPER",
				"China Chopper",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"HTran",
				"HUC Packet Transmit Tool",
				"JuicyPotatoNG",
				"Kaba",
				"Korplug",
				"LadonGo",
				"Mimikatz",
				"Mimilite",
				"Moudour",
				"Mydoor",
				"NBTscan",
				"Ntospy",
				"PCRat",
				"PlugX",
				"RedDelta",
				"SharpEfsPotato",
				"SinoChopper",
				"Sogu",
				"SweetSpecter",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"TunnelSpecter",
				"Xamtrav",
				"Yasso",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434139,
	"ts_updated_at": 1775792126,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b9a3cb8bfafcafa1d96147be3fa4b7d14f55c8e8.pdf",
		"text": "https://archive.orkl.eu/b9a3cb8bfafcafa1d96147be3fa4b7d14f55c8e8.txt",
		"img": "https://archive.orkl.eu/b9a3cb8bfafcafa1d96147be3fa4b7d14f55c8e8.jpg"
	}
}