{
	"id": "5bec6402-5c1b-419b-a368-40f31e71e63b",
	"created_at": "2026-04-06T00:10:34.510927Z",
	"updated_at": "2026-04-10T03:27:46.34717Z",
	"deleted_at": null,
	"sha1_hash": "c315522ce744bf8f2a0e00e3bdff360453e2fc6c",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46228,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:49:47 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool ViceLeaker\n Tool: ViceLeaker\nNames\nViceLeaker\nTriout\nCategory Malware\nType Backdoor, Info stealer, Exfiltration\nDescription\n(Kaspersky) The analysis of the APK was rather interesting, because some of the actions\nwere very common spyware features, such as the exfiltration of SMS messages, call logs\nand other data. However, in addition to the traditional functionality, there were also\nbackdoor capabilities such as upload, download, delete files, camera takeover and record\nsurrounding audio.\nInformation\nMITRE ATT\u0026CK Last change to this tool card: 30 December 2022\nDownload this tool card in JSON format\nAll groups using tool ViceLeaker\nChanged Name Country Observed\nAPT groups\n Operation ViceLeaker [Unknown] 2018\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e0e10485-2df9-49fa-b833-b30a245ca711\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e0e10485-2df9-49fa-b833-b30a245ca711\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e0e10485-2df9-49fa-b833-b30a245ca711"
	],
	"report_names": [
		"listgroups.cgi?u=e0e10485-2df9-49fa-b833-b30a245ca711"
	],
	"threat_actors": [
		{
			"id": "e0b6d3fa-157c-45bf-b9e3-3aa9f9aa7de7",
			"created_at": "2022-10-25T16:07:24.024256Z",
			"updated_at": "2026-04-10T02:00:04.844251Z",
			"deleted_at": null,
			"main_name": "Operation ViceLeaker",
			"aliases": [],
			"source_name": "ETDA:Operation ViceLeaker",
			"tools": [
				"Triout",
				"ViceLeaker"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b960c826-adff-49e8-97aa-017ceab56776",
			"created_at": "2023-01-06T13:46:39.036244Z",
			"updated_at": "2026-04-10T02:00:03.191243Z",
			"deleted_at": null,
			"main_name": "ViceLeaker",
			"aliases": [],
			"source_name": "MISPGALAXY:ViceLeaker",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434234,
	"ts_updated_at": 1775791666,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c315522ce744bf8f2a0e00e3bdff360453e2fc6c.pdf",
		"text": "https://archive.orkl.eu/c315522ce744bf8f2a0e00e3bdff360453e2fc6c.txt",
		"img": "https://archive.orkl.eu/c315522ce744bf8f2a0e00e3bdff360453e2fc6c.jpg"
	}
}