{
	"id": "f3aa3152-7af9-4f10-b78f-e0e9082744b9",
	"created_at": "2026-04-06T00:14:19.819486Z",
	"updated_at": "2026-04-10T13:12:07.960618Z",
	"deleted_at": null,
	"sha1_hash": "c8253e0f810aa150e88b51f910d14a4502a5c02e",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43790,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 18:27:31 UTC\n Tool: Patao\nNames Patao\nCategory Malware\nType Worm\nDescription\n(ESET) We haven’t noticed Win32/Potao employing any exploits and the malware isn’t\nparticularly technically advanced. (Shouldn’t call it an APT then, right?) Yet it does contain a\nfew other interesting techniques that ‘get the job done’, like the mechanism for spreading via\nUSB drives and disguising executables as Word and Excel documents.\nInformation Last change to this tool card: 20 April 2020\nAll groups using tool Patao\nChanged Name Country Observed\nAPT groups\n Operation Potao Express [Unknown] 2015\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a7017bce-d565-4c5f-bcb4-b78ba89f644d",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a7017bce-d565-4c5f-bcb4-b78ba89f644d"
	],
	"report_names": [
		"listgroups.cgi?u=a7017bce-d565-4c5f-bcb4-b78ba89f644d"
	],
	"threat_actors": [
		{
			"id": "4a892faf-3d4d-4615-b7b6-cdbc2ce42d8d",
			"created_at": "2022-10-25T16:07:23.99045Z",
			"updated_at": "2026-04-10T02:00:04.824683Z",
			"deleted_at": null,
			"main_name": "Operation Potao Express",
			"aliases": [],
			"source_name": "ETDA:Operation Potao Express",
			"tools": [
				"FakeTC",
				"Patao"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434459,
	"ts_updated_at": 1775826727,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c8253e0f810aa150e88b51f910d14a4502a5c02e.pdf",
		"text": "https://archive.orkl.eu/c8253e0f810aa150e88b51f910d14a4502a5c02e.txt",
		"img": "https://archive.orkl.eu/c8253e0f810aa150e88b51f910d14a4502a5c02e.jpg"
	}
}