{
	"id": "704907e0-2271-4f1b-a5b7-36d991bed209",
	"created_at": "2026-04-06T00:13:27.693206Z",
	"updated_at": "2026-04-10T13:13:04.045058Z",
	"deleted_at": null,
	"sha1_hash": "c9b774592ebbe72f39ac177a22e41904694969df",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48753,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 19:49:48 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Cutwail\n Tool: Cutwail\nNames\nCutwail\nPushdo\nCategory Malware\nType Botnet, Downloader\nDescription\nPushdo is usually classified as a 'downloader' trojan - meaning its true purpose is to\ndownload and install additional malicious software. There are dozens of downloader\ntrojan families out there, but Pushdo is actually more sophisticated than most, but that\nsophistication lies in the Pushdo control server rather than the trojan.\nInformation\nMalpedia\nAlienVault OTX Last change to this tool card: 20 April 2021\nDownload this tool card in JSON format\nAll groups using tool Cutwail\nChanged Name Country Observed\nOther groups\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bfadc267-6096-4807-aa1d-2f048fe81a8f\nPage 1 of 2\n\nNarwhal Spider [Unknown] 2007-Oct 2018\r\n1 group listed (0 APT, 1 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bfadc267-6096-4807-aa1d-2f048fe81a8f\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bfadc267-6096-4807-aa1d-2f048fe81a8f\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bfadc267-6096-4807-aa1d-2f048fe81a8f"
	],
	"report_names": [
		"listgroups.cgi?u=bfadc267-6096-4807-aa1d-2f048fe81a8f"
	],
	"threat_actors": [
		{
			"id": "c91f7778-69aa-45fa-be0e-4ee33daf8fbd",
			"created_at": "2023-01-06T13:46:39.110148Z",
			"updated_at": "2026-04-10T02:00:03.216613Z",
			"deleted_at": null,
			"main_name": "NARWHAL SPIDER",
			"aliases": [
				"GOLD ESSEX",
				"TA544",
				"Storm-0302"
			],
			"source_name": "MISPGALAXY:NARWHAL SPIDER",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "cc045f52-bbdb-4fcc-8fbf-a0d8a7c5e64f",
			"created_at": "2022-10-25T16:07:24.519535Z",
			"updated_at": "2026-04-10T02:00:05.019918Z",
			"deleted_at": null,
			"main_name": "Narwhal Spider",
			"aliases": [
				"Gold Essex",
				"Storm-0302"
			],
			"source_name": "ETDA:Narwhal Spider",
			"tools": [
				"Cutwail",
				"Pushdo"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "956fc691-b6c6-4b09-b69d-8f007c189839",
			"created_at": "2025-08-07T02:03:24.860251Z",
			"updated_at": "2026-04-10T02:00:03.656547Z",
			"deleted_at": null,
			"main_name": "GOLD ESSEX",
			"aliases": [
				"Narwhal Spider ",
				"Storm-0302 ",
				"TA544 "
			],
			"source_name": "Secureworks:GOLD ESSEX",
			"tools": [
				"Cutwail",
				"Pony",
				"Pushdo"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434407,
	"ts_updated_at": 1775826784,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c9b774592ebbe72f39ac177a22e41904694969df.pdf",
		"text": "https://archive.orkl.eu/c9b774592ebbe72f39ac177a22e41904694969df.txt",
		"img": "https://archive.orkl.eu/c9b774592ebbe72f39ac177a22e41904694969df.jpg"
	}
}