{
	"id": "a96512be-5651-48b0-a0ac-f372113185a6",
	"created_at": "2026-04-06T00:14:15.930576Z",
	"updated_at": "2026-04-10T03:29:18.715208Z",
	"deleted_at": null,
	"sha1_hash": "bf8ca7cfbab0235e7c4f442cec574f816dbad3ef",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50529,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:18:36 UTC\nTool: CreepySnail\nNames: CreepySnail\nCategory: Malware\nType: Backdoor\nDescription:\n(ESET) CreepySnail is another PowerShell backdoor that sends HTTP requests to a\nC\u0026C server and receives and executes PowerShell commands. We saw various versions\nof this backdoor in the wild, though the differences between them were minimal.\nInformation: MITRE ATT\u0026CK, Malpedia\nLast change to this tool card: 22 June 2023\nAll groups using tool CreepySnail\nChanged Name Country Observed\nAPT groups\nPolonium 2022-Sep 2022\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=18fb29a2-baae-4d98-9f8f-0d60f4a29cdd",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=18fb29a2-baae-4d98-9f8f-0d60f4a29cdd"
	],
	"report_names": [
		"listgroups.cgi?u=18fb29a2-baae-4d98-9f8f-0d60f4a29cdd"
	],
	"threat_actors": [
		{
			"id": "d866a181-c427-43df-9948-a8010a8fdad6",
			"created_at": "2022-10-27T08:27:13.080609Z",
			"updated_at": "2026-04-10T02:00:05.303153Z",
			"deleted_at": null,
			"main_name": "POLONIUM",
			"aliases": [
				"POLONIUM",
				"Plaid Rain"
			],
			"source_name": "MITRE:POLONIUM",
			"tools": [
				"CreepyDrive",
				"CreepySnail"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6cfeba14-c84e-4606-88b9-c7a7689c450f",
			"created_at": "2022-10-25T16:07:24.06766Z",
			"updated_at": "2026-04-10T02:00:04.857565Z",
			"deleted_at": null,
			"main_name": "Polonium",
			"aliases": [
				"G1005",
				"Incendiary Jackal",
				"Plaid Rain"
			],
			"source_name": "ETDA:Polonium",
			"tools": [
				"CreepyDrive",
				"CreepySnail",
				"DeepCreep",
				"FlipCreep",
				"MegaCreep",
				"PapaCreep",
				"TechnoCreep"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b7823339-891d-4ded-b01d-1f142a88bc64",
			"created_at": "2023-01-06T13:46:39.381591Z",
			"updated_at": "2026-04-10T02:00:03.308737Z",
			"deleted_at": null,
			"main_name": "POLONIUM",
			"aliases": [
				"GREATRIFT",
				"INCENDIARY JACKAL",
				"Plaid Rain",
				"UNC4453"
			],
			"source_name": "MISPGALAXY:POLONIUM",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434455,
	"ts_updated_at": 1775791758,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bf8ca7cfbab0235e7c4f442cec574f816dbad3ef.pdf",
		"text": "https://archive.orkl.eu/bf8ca7cfbab0235e7c4f442cec574f816dbad3ef.txt",
		"img": "https://archive.orkl.eu/bf8ca7cfbab0235e7c4f442cec574f816dbad3ef.jpg"
	}
}