{
	"id": "11573eb2-1903-4e87-a221-d766cb7eeb54",
	"created_at": "2026-04-06T00:19:22.076549Z",
	"updated_at": "2026-04-10T03:25:35.346349Z",
	"deleted_at": null,
	"sha1_hash": "cb83f093f7aceb5e88beb9b13ffd0b057d826103",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48040,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 15:41:22 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool BeaconLoader\n Tool: BeaconLoader\nNames BeaconLoader\nCategory Malware\nType Loader\nDescription\n(Positive Technologies) BeaconLoader is uploaded using DLL Hijacking. At the first stage, the library receives the addresses of the functions and libraries necessary for its operation. Then, it checks the name of the parent process and the privilege type (to continue, the SYSTEM privilege type and the names msdtc.exe, msdtc.exe.mui, and vmtoolsd.exe are required).\nInformation\nLast change to this tool card: 02 November 2021\nDownload this tool card in JSON format\nAll groups using tool BeaconLoader\nChanged Name Country Observed\nAPT groups\n ChamelGang 2021-Jun 2023\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=93c315eb-5c5a-4e9c-8b31-14216ff9a407\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=93c315eb-5c5a-4e9c-8b31-14216ff9a407\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=93c315eb-5c5a-4e9c-8b31-14216ff9a407"
	],
	"report_names": [
		"listgroups.cgi?u=93c315eb-5c5a-4e9c-8b31-14216ff9a407"
	],
	"threat_actors": [
		{
			"id": "4434c71b-c424-4c06-b923-4f3f54f24f40",
			"created_at": "2022-10-25T16:07:23.453526Z",
			"updated_at": "2026-04-10T02:00:04.611408Z",
			"deleted_at": null,
			"main_name": "ChamelGang",
			"aliases": [
				"CamoFei"
			],
			"source_name": "ETDA:ChamelGang",
			"tools": [
				"7-Zip",
				"Agentemis",
				"BeaconLoader",
				"Cobalt Strike",
				"CobaltStrike",
				"DoorMe",
				"FRP",
				"Fast Reverse Proxy",
				"ProxyT",
				"Tiny SHell",
				"cobeacon",
				"tsh"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "a0673493-5872-49a0-8d0d-4391302cff01",
			"created_at": "2023-03-04T02:01:54.10107Z",
			"updated_at": "2026-04-10T02:00:03.358084Z",
			"deleted_at": null,
			"main_name": "Chamelgang",
			"aliases": [
				"CamoFei"
			],
			"source_name": "MISPGALAXY:Chamelgang",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434762,
	"ts_updated_at": 1775791535,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cb83f093f7aceb5e88beb9b13ffd0b057d826103.pdf",
		"text": "https://archive.orkl.eu/cb83f093f7aceb5e88beb9b13ffd0b057d826103.txt",
		"img": "https://archive.orkl.eu/cb83f093f7aceb5e88beb9b13ffd0b057d826103.jpg"
	}
}