{
	"id": "8c97ecbf-64e1-44de-bcae-cc4a5477382a",
	"created_at": "2026-04-06T01:30:07.464863Z",
	"updated_at": "2026-04-10T03:30:13.465638Z",
	"deleted_at": null,
	"sha1_hash": "c45c8417e9fdc771c5336b07e9d8fe0de6e0edc6",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47598,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 00:30:42 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool PHPsert\n Tool: PHPsert\nNames PHPsert\nCategory Malware\nType Backdoor\nDescription\n(SentinelLabs) PHPsert executes attacker-provided PHP code using the assert function, which,\nin PHP versions prior to 8.0.0, interprets and runs parameter strings as PHP code. To hinder\nstatic analysis and evade detection, the webshell uses various code obfuscation techniques,\nincluding XOR encoding, hexadecimal character representation, string concatenation, and\nrandomized variable names.\nInformation\nLast change to this tool card: 27 December 2024\nDownload this tool card in JSON format\nAll groups using tool PHPsert\nChanged Name Country Observed\nAPT groups\n Operation Digital Eye 2024\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=368f7e08-8a58-4b34-83d1-6c087a461eb1\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=368f7e08-8a58-4b34-83d1-6c087a461eb1\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=368f7e08-8a58-4b34-83d1-6c087a461eb1"
	],
	"report_names": [
		"listgroups.cgi?u=368f7e08-8a58-4b34-83d1-6c087a461eb1"
	],
	"threat_actors": [
		{
			"id": "6d7e8ca8-d5a4-4514-baef-b208b607e48e",
			"created_at": "2024-12-28T02:01:54.84356Z",
			"updated_at": "2026-04-10T02:00:04.798594Z",
			"deleted_at": null,
			"main_name": "Operation Digital Eye",
			"aliases": [],
			"source_name": "ETDA:Operation Digital Eye",
			"tools": [
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Mimikatz",
				"PHPsert",
				"mim221"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439007,
	"ts_updated_at": 1775791813,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c45c8417e9fdc771c5336b07e9d8fe0de6e0edc6.pdf",
		"text": "https://archive.orkl.eu/c45c8417e9fdc771c5336b07e9d8fe0de6e0edc6.txt",
		"img": "https://archive.orkl.eu/c45c8417e9fdc771c5336b07e9d8fe0de6e0edc6.jpg"
	}
}