{
	"id": "fe037209-0923-4880-80d9-720f66e653c5",
	"created_at": "2026-04-06T00:06:47.116172Z",
	"updated_at": "2026-04-10T13:12:15.04277Z",
	"deleted_at": null,
	"sha1_hash": "c703a4d26d8d0826a2c1c9e58ce08746b7db483a",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44399,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 21:10:02 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool RustDown\n Tool: RustDown\nNames RustDown\nCategory Malware\nType Backdoor\nDescription\n(Intezer) In October 2023, we discovered a new malware written in Rust. The sample is a 32-\nbit Windows executable masquerading as a PHP framework component. While the codebase is\nnew, the malware consistently shares TTPs used by the WildCard threat actor in both SysJoker\nand its variants. The name of the malware is derived from the developers, as evidenced by a\nleftover PDB path.\nInformation Last change to this tool card: 30 November 2023\nDownload this tool card in JSON format\nAll groups using tool RustDown\nChanged Name Country Observed\nAPT groups\n WildCard [Unknown] 2021\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b6f78f30-6781-4ba2-81d3-9a36e1eb4723\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b6f78f30-6781-4ba2-81d3-9a36e1eb4723\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b6f78f30-6781-4ba2-81d3-9a36e1eb4723"
	],
	"report_names": [
		"listgroups.cgi?u=b6f78f30-6781-4ba2-81d3-9a36e1eb4723"
	],
	"threat_actors": [
		{
			"id": "2864e40a-f233-4618-ac61-b03760a41cbb",
			"created_at": "2023-12-01T02:02:34.272108Z",
			"updated_at": "2026-04-10T02:00:04.97558Z",
			"deleted_at": null,
			"main_name": "WildCard",
			"aliases": [],
			"source_name": "ETDA:WildCard",
			"tools": [
				"RustDown",
				"SysJoker"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "256a6a2d-e8a2-4497-b399-628a7fad4b3e",
			"created_at": "2023-11-30T02:00:07.299845Z",
			"updated_at": "2026-04-10T02:00:03.484788Z",
			"deleted_at": null,
			"main_name": "WildCard",
			"aliases": [],
			"source_name": "MISPGALAXY:WildCard",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434007,
	"ts_updated_at": 1775826735,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c703a4d26d8d0826a2c1c9e58ce08746b7db483a.pdf",
		"text": "https://archive.orkl.eu/c703a4d26d8d0826a2c1c9e58ce08746b7db483a.txt",
		"img": "https://archive.orkl.eu/c703a4d26d8d0826a2c1c9e58ce08746b7db483a.jpg"
	}
}