{
	"id": "daa656bf-07cd-4a22-822d-01dee209d8c7",
	"created_at": "2026-04-06T00:18:21.919998Z",
	"updated_at": "2026-04-10T03:34:57.699977Z",
	"deleted_at": null,
	"sha1_hash": "cb50b1ec7a7ce04b7d08571e335e278ab42fbe04",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48531,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 23:20:58 UTC\n Other threat group: Pacha Group\nNames Pacha Group (Intezer)\nCountry China\nMotivation Financial gain\nFirst seen 2018\nDescription\n(Intezer) Antd is a miner found in the wild on September 18, 2018. Recently we\ndiscovered that the authors from Antd are actively delivering newer campaigns\ndeploying a broad number of components, most of them completely undetected and\noperating within compromised third party Linux servers. Furthermore, we have\nobserved that some of the techniques implemented by this group are unconventional,\nand there is an element of sophistication to them. We believe the authors behind this\nmalware are from Chinese origin. We have labeled the undetected Linux.Antd\nvariants, Linux.GreedyAntd and classified the threat actor as Pacha Group.\nObserved\nTools used Antd, DDG, Korkerds, XMRig.\nOperations performed\nSep 2018\nIntezer has evidence dating back to September 2018 which shows\nPacha Group has been using a cryptomining malware that has gone\nundetected on other engines.\nMay 2019\nPacha Group Competing against Rocke, Iron Group for\nCryptocurrency Mining Foothold on the Cloud\nInformation Last change to this card: 15 April 2020\nDownload this actor card in PDF or JSON format\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=4ca48576-dcc1-42dc-84c9-5201977aa56b\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=4ca48576-dcc1-42dc-84c9-5201977aa56b\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=4ca48576-dcc1-42dc-84c9-5201977aa56b\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=4ca48576-dcc1-42dc-84c9-5201977aa56b"
	],
	"report_names": [
		"showcard.cgi?u=4ca48576-dcc1-42dc-84c9-5201977aa56b"
	],
	"threat_actors": [
		{
			"id": "7c053836-8f50-4d40-bc5c-7088967e1b57",
			"created_at": "2022-10-25T16:07:24.549525Z",
			"updated_at": "2026-04-10T02:00:05.03048Z",
			"deleted_at": null,
			"main_name": "Rocke",
			"aliases": [
				"Aged Libra",
				"G0106",
				"Iron Group",
				"Rocke"
			],
			"source_name": "ETDA:Rocke",
			"tools": [
				"Godlua",
				"Kerberods",
				"LSD",
				"Pro-Ocean",
				"Xbash"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "5b9d2809-47b7-46a8-ab2d-9687537f1bc7",
			"created_at": "2023-01-06T13:46:38.804869Z",
			"updated_at": "2026-04-10T02:00:03.107112Z",
			"deleted_at": null,
			"main_name": "Iron Group",
			"aliases": [
				"Iron Cyber Group"
			],
			"source_name": "MISPGALAXY:Iron Group",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "18bcbaa6-8e7b-43c4-9db7-8b0b315ee5a3",
			"created_at": "2023-01-06T13:46:39.024086Z",
			"updated_at": "2026-04-10T02:00:03.184974Z",
			"deleted_at": null,
			"main_name": "Pacha Group",
			"aliases": [],
			"source_name": "MISPGALAXY:Pacha Group",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "905eabd9-2b7f-483d-86bd-0c72f96b4162",
			"created_at": "2023-01-06T13:46:39.02749Z",
			"updated_at": "2026-04-10T02:00:03.185957Z",
			"deleted_at": null,
			"main_name": "Rocke",
			"aliases": [
				"Aged Libra"
			],
			"source_name": "MISPGALAXY:Rocke",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "0b02af5f-2027-42b7-a6f2-51e2fd49ba7f",
			"created_at": "2022-10-25T15:50:23.360509Z",
			"updated_at": "2026-04-10T02:00:05.337702Z",
			"deleted_at": null,
			"main_name": "Rocke",
			"aliases": [
				"Rocke"
			],
			"source_name": "MITRE:Rocke",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "484c5fed-029e-4504-b75a-bbdbc9460595",
			"created_at": "2022-10-25T16:07:24.529893Z",
			"updated_at": "2026-04-10T02:00:05.02425Z",
			"deleted_at": null,
			"main_name": "Pacha Group",
			"aliases": [],
			"source_name": "ETDA:Pacha Group",
			"tools": [
				"Antd",
				"DDG",
				"GreedyAntd",
				"Korkerds",
				"XMRig"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434701,
	"ts_updated_at": 1775792097,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cb50b1ec7a7ce04b7d08571e335e278ab42fbe04.pdf",
		"text": "https://archive.orkl.eu/cb50b1ec7a7ce04b7d08571e335e278ab42fbe04.txt",
		"img": "https://archive.orkl.eu/cb50b1ec7a7ce04b7d08571e335e278ab42fbe04.jpg"
	}
}