{
	"id": "9f1faee8-e1ca-4533-a7ff-d9159e759a31",
	"created_at": "2026-04-06T00:16:41.400244Z",
	"updated_at": "2026-04-10T13:11:43.649401Z",
	"deleted_at": null,
	"sha1_hash": "cb77584a231db0b78cce66ec65286fb0b31bfede",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49234,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:08:38 UTC\nTool: BroStealer\nNames BroStealer\nCategory Malware\nType Info stealer, Exfiltration\nDescription\n(Kaspersky) We recently discovered a previously publicly unknown Android implant used in\n2018-2019 by the SideWinder threat group, which we dubbed BroStealer. The main purpose of\nthe BroStealer implant is to collect sensitive information from a victim’s device, such as\nphotos, SMS messages, call recordings and files from various messaging applications.\nAlthough SideWinder has numerous campaigns against victims using the Windows platform,\nrecent reports have shown that this threat group also goes after its targets via the mobile\nplatform.\nInformation Last change to this tool card: 16 May 2021\nAll groups using tool BroStealer\nChanged Name Country Observed\nAPT groups\n SideWinder, Rattlesnake 2012-2024\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5fb4301b-92e0-4258-b11a-bab7777e48f3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5fb4301b-92e0-4258-b11a-bab7777e48f3"
	],
	"report_names": [
		"listgroups.cgi?u=5fb4301b-92e0-4258-b11a-bab7777e48f3"
	],
	"threat_actors": [
		{
			"id": "d0c0a5ea-3066-42a5-846c-b13527f64a3e",
			"created_at": "2023-01-06T13:46:39.080551Z",
			"updated_at": "2026-04-10T02:00:03.206572Z",
			"deleted_at": null,
			"main_name": "RAZOR TIGER",
			"aliases": [
				"APT-C-17",
				"T-APT-04",
				"SideWinder"
			],
			"source_name": "MISPGALAXY:RAZOR TIGER",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6b9fc913-06c6-4432-8c58-86a3ac614564",
			"created_at": "2022-10-25T16:07:24.185236Z",
			"updated_at": "2026-04-10T02:00:04.893541Z",
			"deleted_at": null,
			"main_name": "SideWinder",
			"aliases": [
				"APT-C-17",
				"APT-Q-39",
				"BabyElephant",
				"G0121",
				"GroupA21",
				"HN2",
				"Hardcore Nationalist",
				"Rattlesnake",
				"Razor Tiger",
				"SideWinder",
				"T-APT-04"
			],
			"source_name": "ETDA:SideWinder",
			"tools": [
				"BroStealer",
				"Capriccio RAT",
				"callCam"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "173f1641-36e3-4bce-9834-c5372468b4f7",
			"created_at": "2022-10-25T15:50:23.349637Z",
			"updated_at": "2026-04-10T02:00:05.3486Z",
			"deleted_at": null,
			"main_name": "Sidewinder",
			"aliases": [
				"Sidewinder",
				"T-APT-04"
			],
			"source_name": "MITRE:Sidewinder",
			"tools": [
				"Koadic"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434601,
	"ts_updated_at": 1775826703,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cb77584a231db0b78cce66ec65286fb0b31bfede.pdf",
		"text": "https://archive.orkl.eu/cb77584a231db0b78cce66ec65286fb0b31bfede.txt",
		"img": "https://archive.orkl.eu/cb77584a231db0b78cce66ec65286fb0b31bfede.jpg"
	}
}