{
	"id": "9dd10d0f-e15b-4a71-9283-c04c637f6274",
	"created_at": "2026-04-06T00:12:32.87425Z",
	"updated_at": "2026-04-10T13:13:06.927932Z",
	"deleted_at": null,
	"sha1_hash": "bb32b5c1468a96fdc0e413681d1bd428acbe085d",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 54242,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 18:57:19 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool CHAIRSMACK\r\n Tool: CHAIRSMACK\r\nNames CHAIRSMACK\r\nCategory Malware\r\nType Backdoor\r\nDescription\r\n(Mandiant) CHAIRSMACK is a backdoor written in C++ that communicates using HTTP.\r\nCHAIRSMACK's core functionality involves expanding its capabilities by retrieving plugins\r\nfrom a C2 server. Downloaded plugins are cached on disk for future use. Capabilities added\r\nvia plugins are inferred based on supported backdoor command names. These capabilities\r\ninclude shell command execution, screenshot capture, audio capture, keylogging, file transfer,\r\nand file execution.\r\nInformation \u003chttps://www.mandiant.com/media/17826\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.chairsmack\u003e\r\nLast change to this tool card: 27 December 2022\r\nDownload this tool card in JSON format\r\nAll groups using tool CHAIRSMACK\r\nChanged Name Country Observed\r\nAPT groups\r\n  APT 42 2015-Feb 2024  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f6e9b97e-8e22-43a4-9b5d-8b4d7532ee86\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f6e9b97e-8e22-43a4-9b5d-8b4d7532ee86\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f6e9b97e-8e22-43a4-9b5d-8b4d7532ee86"
	],
	"report_names": [
		"listgroups.cgi?u=f6e9b97e-8e22-43a4-9b5d-8b4d7532ee86"
	],
	"threat_actors": [
		{
			"id": "9f778366-a4a7-42f1-ab1e-362aa065ee4f",
			"created_at": "2022-10-25T16:07:23.362157Z",
			"updated_at": "2026-04-10T02:00:04.562925Z",
			"deleted_at": null,
			"main_name": "APT 42",
			"aliases": [
				"GreenBravo"
			],
			"source_name": "ETDA:APT 42",
			"tools": [
				"BROKEYOLK",
				"CHAIRSMACK",
				"CORRUPT KITTEN",
				"DOSTEALER",
				"GORBLE",
				"Ghambar",
				"MAGICDROP",
				"PINEFLOWER",
				"POWERPOST",
				"SILENTUPLOADER",
				"TABBYCAT",
				"TAMECAT",
				"VBREVSHELL",
				"VINETHORN"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434352,
	"ts_updated_at": 1775826786,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bb32b5c1468a96fdc0e413681d1bd428acbe085d.pdf",
		"text": "https://archive.orkl.eu/bb32b5c1468a96fdc0e413681d1bd428acbe085d.txt",
		"img": "https://archive.orkl.eu/bb32b5c1468a96fdc0e413681d1bd428acbe085d.jpg"
	}
}