{
	"id": "9c52fa05-a857-4a8a-a204-c8372b103fd0",
	"created_at": "2026-04-06T00:08:17.89555Z",
	"updated_at": "2026-04-10T13:12:07.364355Z",
	"deleted_at": null,
	"sha1_hash": "bb25d0179db3e61db0878f80e1006bd0a8c7703c",
	"title": "BlackNET RAT - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45765,
	"plain_text": "BlackNET RAT - Threat Group Cards: A Threat Actor\nEncyclopedia\nArchived: 2026-04-05 19:39:45 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool BlackNET RAT\n Tool: BlackNET RAT\nNames BlackNET RAT\nCategory Malware\nType Backdoor\nDescription\n(Malpedia) Advanced and modern Windows botnet with PHP panel developed using VB.NET.\nIt has a lot of functionalities including: stealing/grabbing files and passwords, keylogging,\ncryptojacking, loading files, executing commands, etc. It is open source and emerged at the\nend of 2019.\nInformation\nMalpedia Last change to this tool card: 17 February 2023\nDownload this tool card in JSON format\nAll groups using tool BlackNET RAT\nChanged Name Country Observed\nAPT groups\n OPERA1ER [Unknown] 2016-Jul 2023\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=12b565ab-4c7d-4bdf-9fce-a0e7d1b32ca3\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=12b565ab-4c7d-4bdf-9fce-a0e7d1b32ca3\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=12b565ab-4c7d-4bdf-9fce-a0e7d1b32ca3"
	],
	"report_names": [
		"listgroups.cgi?u=12b565ab-4c7d-4bdf-9fce-a0e7d1b32ca3"
	],
	"threat_actors": [
		{
			"id": "11c69e3d-a740-4a70-abd3-158ac0375452",
			"created_at": "2023-01-06T13:46:39.29608Z",
			"updated_at": "2026-04-10T02:00:03.27813Z",
			"deleted_at": null,
			"main_name": "Common Raven",
			"aliases": [
				"NXSMS",
				"DESKTOP-GROUP",
				"OPERA1ER"
			],
			"source_name": "MISPGALAXY:Common Raven",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a1071a25-d7c1-41be-a97f-2ec1b167ceb0",
			"created_at": "2023-02-18T02:04:24.365926Z",
			"updated_at": "2026-04-10T02:00:04.792271Z",
			"deleted_at": null,
			"main_name": "OPERA1ER",
			"aliases": [
				"Common Raven",
				"DESKTOP-GROUP",
				"NXSMS",
				"Operation Nervone"
			],
			"source_name": "ETDA:OPERA1ER",
			"tools": [
				"AgenTesla",
				"Agent Tesla",
				"AgentTesla",
				"Agentemis",
				"BitRAT",
				"BlackNET RAT",
				"Cobalt Strike",
				"CobaltStrike",
				"Kasidet",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Metasploit",
				"Negasteal",
				"NetWeird",
				"NetWire",
				"NetWire RAT",
				"NetWire RC",
				"NetWired RC",
				"Neutrino Bot",
				"Neutrino Exploit Kit",
				"Ngrok",
				"Origin Logger",
				"PsExec",
				"RDPWrap",
				"Recam",
				"Remcos",
				"RemcosRAT",
				"Remvio",
				"Revealer Keylogger",
				"Socmer",
				"VenomRAT",
				"ZPAQ",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434097,
	"ts_updated_at": 1775826727,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bb25d0179db3e61db0878f80e1006bd0a8c7703c.pdf",
		"text": "https://archive.orkl.eu/bb25d0179db3e61db0878f80e1006bd0a8c7703c.txt",
		"img": "https://archive.orkl.eu/bb25d0179db3e61db0878f80e1006bd0a8c7703c.jpg"
	}
}