{
	"id": "3d7b2f2f-a764-410b-bcd6-23ebe6aac439",
	"created_at": "2026-04-06T03:36:20.1505Z",
	"updated_at": "2026-04-10T13:12:53.557519Z",
	"deleted_at": null,
	"sha1_hash": "c2163c67df288eb777c9f0586f510363921c10ac",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49151,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-06 03:23:12 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool MASOL RAT\r\n Tool: MASOL RAT\r\nNames\r\nMASOL RAT\r\nBackdr-NQ\r\nCategory Malware\r\nType Backdoor\r\nDescription\r\n(Trend Micro) We discovered that Earth Estries uses another cross-platform backdoor, which\r\nwe initially identified during our investigation of Southeast Asian government incidents in\r\n2020. We named it MASOL RAT based on its PDB string. We couldn’t link MASOL RAT to\r\nany known threat group at the time due to limited information. However, this year we\r\nobserved that Earth Estries has been deploying MASOL RAT on Linux devices targeting\r\nSoutheast Asian government networks.\r\nInformation \u003chttps://www.trendmicro.com/en_us/research/24/k/earth-estries.html\u003e\r\nLast change to this tool card: 28 December 2024\r\nDownload this tool card in JSON format\r\nAll groups using tool MASOL RAT\r\nChanged Name Country Observed\r\nAPT groups\r\n  Salt Typhoon, GhostEmperor 2020-Feb 2025\r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=af09c77a-dc2b-42e3-87cb-54bd83877493\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=af09c77a-dc2b-42e3-87cb-54bd83877493\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=af09c77a-dc2b-42e3-87cb-54bd83877493"
	],
	"report_names": [
		"listgroups.cgi?u=af09c77a-dc2b-42e3-87cb-54bd83877493"
	],
	"threat_actors": [
		{
			"id": "f67fb5b3-b0d4-484c-943e-ebf12251eff6",
			"created_at": "2022-10-25T16:07:23.605611Z",
			"updated_at": "2026-04-10T02:00:04.685162Z",
			"deleted_at": null,
			"main_name": "FamousSparrow",
			"aliases": [
				"Earth Estries"
			],
			"source_name": "ETDA:FamousSparrow",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "f0eca237-f191-448f-87d1-5d6b3651cbff",
			"created_at": "2024-02-06T02:00:04.140087Z",
			"updated_at": "2026-04-10T02:00:03.577326Z",
			"deleted_at": null,
			"main_name": "GhostEmperor",
			"aliases": [
				"OPERATOR PANDA",
				"FamousSparrow",
				"UNC2286",
				"Salt Typhoon",
				"RedMike"
			],
			"source_name": "MISPGALAXY:GhostEmperor",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a09ade2a-6b87-4f9a-b4f8-23cf14f63633",
			"created_at": "2023-11-04T02:00:07.676869Z",
			"updated_at": "2026-04-10T02:00:03.389898Z",
			"deleted_at": null,
			"main_name": "Earth Estries",
			"aliases": [],
			"source_name": "MISPGALAXY:Earth Estries",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d390d62a-6e11-46e5-a16f-a88898a8e6ff",
			"created_at": "2024-12-28T02:01:54.899899Z",
			"updated_at": "2026-04-10T02:00:04.880446Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Earth Estries",
				"FamousSparrow",
				"GhostEmperor",
				"Operator Panda",
				"RedMike",
				"Salt Typhoon",
				"UNC2286"
			],
			"source_name": "ETDA:Salt Typhoon",
			"tools": [
				"Agentemis",
				"Backdr-NQ",
				"Cobalt Strike",
				"CobaltStrike",
				"Crowdoor",
				"Cryptmerlin",
				"Deed RAT",
				"Demodex",
				"FamousSparrow",
				"FuxosDoor",
				"GHOSTSPIDER",
				"HemiGate",
				"MASOL RAT",
				"Mimikatz",
				"NBTscan",
				"NinjaCopy",
				"ProcDump",
				"PsExec",
				"PsList",
				"SnappyBee",
				"SparrowDoor",
				"TrillClient",
				"WinRAR",
				"Zingdoor",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "fcff864b-9255-49cf-9d9b-2b9cb2ad7cff",
			"created_at": "2025-04-23T02:00:55.190165Z",
			"updated_at": "2026-04-10T02:00:05.361244Z",
			"deleted_at": null,
			"main_name": "Salt Typhoon",
			"aliases": [
				"Salt Typhoon"
			],
			"source_name": "MITRE:Salt Typhoon",
			"tools": [
				"JumbledPath"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "6477a057-a76b-4b60-9135-b21ee075ca40",
			"created_at": "2025-11-01T02:04:53.060656Z",
			"updated_at": "2026-04-10T02:00:03.845594Z",
			"deleted_at": null,
			"main_name": "BRONZE TIGER",
			"aliases": [
				"Earth Estries ",
				"Famous Sparrow ",
				"Ghost Emperor ",
				"RedMike ",
				"Salt Typhoon "
			],
			"source_name": "Secureworks:BRONZE TIGER",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775446580,
	"ts_updated_at": 1775826773,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c2163c67df288eb777c9f0586f510363921c10ac.pdf",
		"text": "https://archive.orkl.eu/c2163c67df288eb777c9f0586f510363921c10ac.txt",
		"img": "https://archive.orkl.eu/c2163c67df288eb777c9f0586f510363921c10ac.jpg"
	}
}