{
	"id": "f409393e-dda1-4faa-94cf-5d3af6889aee",
	"created_at": "2026-04-06T00:07:13.656694Z",
	"updated_at": "2026-04-10T03:24:36.624828Z",
	"deleted_at": null,
	"sha1_hash": "bbe1f5e64e3f263d0a16c0a1abaca3d0f97ac1b0",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45299,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-02 11:35:05 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool KamiKakaBot\n Tool: KamiKakaBot\nNames KamiKakaBot\nCategory Malware\nType Backdoor\nDescription\n(Group-IB) They created two custom modules, named by Group-IB as TelePowerBot and\nKamiKakaBot, which are written in PowerShell and .NET, respectively. These two pieces of\nmalware are designed to read and execute commands from a threat actor-controlled Telegram\nchannel via Telegram bot. Group-IB researchers noted that all communication between the\ndevices of the threat actors and victims was based entirely on Telegram API, and they utilized\nnumerous evasion techniques, including Bypass User Account Control, to remain undetected.\nInformation Last change to this tool card: 15 February 2023\nDownload this tool card in JSON format\nAll groups using tool KamiKakaBot\nChanged Name Country Observed\nAPT groups\n Dark Pink [Unknown] 2022-Feb 2023\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7d0df28b-f0d8-4685-86d5-5366ca8826e9\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7d0df28b-f0d8-4685-86d5-5366ca8826e9\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=7d0df28b-f0d8-4685-86d5-5366ca8826e9"
	],
	"report_names": [
		"listgroups.cgi?u=7d0df28b-f0d8-4685-86d5-5366ca8826e9"
	],
	"threat_actors": [
		{
			"id": "fd4c3ddd-11cc-4192-9c94-ff107d7f8492",
			"created_at": "2023-02-18T02:04:24.06294Z",
			"updated_at": "2026-04-10T02:00:04.644528Z",
			"deleted_at": null,
			"main_name": "Dark Pink",
			"aliases": [
				"Saaiwc Group"
			],
			"source_name": "ETDA:Dark Pink",
			"tools": [
				"Ctealer",
				"Cucky",
				"KamiKakaBot",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"PowerSploit",
				"TelePowerBot",
				"ZMsg"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434033,
	"ts_updated_at": 1775791476,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bbe1f5e64e3f263d0a16c0a1abaca3d0f97ac1b0.pdf",
		"text": "https://archive.orkl.eu/bbe1f5e64e3f263d0a16c0a1abaca3d0f97ac1b0.txt",
		"img": "https://archive.orkl.eu/bbe1f5e64e3f263d0a16c0a1abaca3d0f97ac1b0.jpg"
	}
}