{
	"id": "79d2a57d-68fd-49cf-847c-5cc7cf386eb6",
	"created_at": "2026-04-06T00:19:32.403315Z",
	"updated_at": "2026-04-10T03:20:18.673064Z",
	"deleted_at": null,
	"sha1_hash": "bdbb15f97342598fadf0fd5c47a7a1c265db2339",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28674,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 16:43:27 UTC\r\nDescriptionClop is a ransomware which uses the .clop extension after having encrypted the victim's files. Another\r\nunique characteristic belonging with Clop is in the string: 'Dont Worry C|0P' included into the ransom notes. It is a\r\nvariant of CryptoMix ransomware, but it additionally attempts to disable Windows Defender and to remove the\r\nMicrosoft Security Essentials in order to avoid user space detection.\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8792eefb-d852-4a24-ad09-46614ef7a815\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8792eefb-d852-4a24-ad09-46614ef7a815\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8792eefb-d852-4a24-ad09-46614ef7a815"
	],
	"report_names": [
		"listgroups.cgi?u=8792eefb-d852-4a24-ad09-46614ef7a815"
	],
	"threat_actors": [],
	"ts_created_at": 1775434772,
	"ts_updated_at": 1775791218,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bdbb15f97342598fadf0fd5c47a7a1c265db2339.pdf",
		"text": "https://archive.orkl.eu/bdbb15f97342598fadf0fd5c47a7a1c265db2339.txt",
		"img": "https://archive.orkl.eu/bdbb15f97342598fadf0fd5c47a7a1c265db2339.jpg"
	}
}