{
	"id": "d0de0403-2446-42c4-9021-51c0abb55204",
	"created_at": "2026-04-06T00:15:13.216987Z",
	"updated_at": "2026-04-10T03:32:07.745544Z",
	"deleted_at": null,
	"sha1_hash": "d775eb3e493c50ff7590f27b732fe6e2b387d72c",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 58225,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 23:17:24 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool RDP\r\n Tool: RDP\r\nNames\r\nRDP\r\nRemote Desktop Protocol\r\nCategory Tools\r\nType Backdoor\r\nDescription\r\n(Wikipedia) Remote Desktop Protocol (RDP) is a proprietary protocol developed by\r\nMicrosoft, which provides a user with a graphical interface to connect to another computer\r\nover a network connection. The user employs RDP client software for this purpose, while the\r\nother computer must run RDP server software.\r\nClients exist for most versions of Microsoft Windows (including Windows Mobile), Linux,\r\nUnix, macOS, iOS, Android, and other operating systems. RDP servers are built into Windows\r\noperating systems; an RDP server for Unix and OS X also exists. By default, the server listens\r\non TCP port 3389 and UDP port 3389.\r\nInformation \u003chttps://en.wikipedia.org/wiki/Remote_Desktop_Protocol\u003e\r\nLast change to this tool card: 20 April 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool RDP\r\nChanged Name Country Observed\r\nAPT groups\r\n  Sweed [Unknown] 2017-2019  \r\nOther groups\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=826ad6c0-b07d-473e-a5ff-f0af8546ccfa\r\nPage 1 of 2\n\nAchilles [Unknown] 2018-Oct 2018  \r\n  Fxmsp 2016-Jul 2020\r\n3 groups listed (1 APT, 2 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=826ad6c0-b07d-473e-a5ff-f0af8546ccfa\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=826ad6c0-b07d-473e-a5ff-f0af8546ccfa\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=826ad6c0-b07d-473e-a5ff-f0af8546ccfa"
	],
	"report_names": [
		"listgroups.cgi?u=826ad6c0-b07d-473e-a5ff-f0af8546ccfa"
	],
	"threat_actors": [
		{
			"id": "f276b8a6-73c9-494a-8ab2-13e2f1da4c53",
			"created_at": "2022-10-25T16:07:24.441133Z",
			"updated_at": "2026-04-10T02:00:04.993411Z",
			"deleted_at": null,
			"main_name": "Achilles",
			"aliases": [],
			"source_name": "ETDA:Achilles",
			"tools": [
				"RDP",
				"Remote Desktop Protocol"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "fe3d8dee-3bee-42e6-8f16-b6628b6189ae",
			"created_at": "2023-01-06T13:46:39.039285Z",
			"updated_at": "2026-04-10T02:00:03.193589Z",
			"deleted_at": null,
			"main_name": "SWEED",
			"aliases": [],
			"source_name": "MISPGALAXY:SWEED",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "ab5dc2a3-16dc-421e-af45-d60c8b4aafac",
			"created_at": "2023-01-06T13:46:39.012588Z",
			"updated_at": "2026-04-10T02:00:03.180595Z",
			"deleted_at": null,
			"main_name": "Fxmsp",
			"aliases": [],
			"source_name": "MISPGALAXY:Fxmsp",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "f2c53785-fb8b-460d-ba73-7fbfba36f0f5",
			"created_at": "2022-10-25T16:07:24.247949Z",
			"updated_at": "2026-04-10T02:00:04.911034Z",
			"deleted_at": null,
			"main_name": "Sweed",
			"aliases": [],
			"source_name": "ETDA:Sweed",
			"tools": [
				"AgenTesla",
				"Agent Tesla",
				"AgentTesla",
				"ForeIT",
				"Formbook",
				"Loki",
				"Loki.Rat",
				"LokiBot",
				"LokiPWS",
				"Negasteal",
				"Origin Logger",
				"RDP",
				"Remote Desktop Protocol",
				"ZPAQ",
				"win.xloader"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "312b7781-5501-4c1e-a9d5-9b75e9ad8455",
			"created_at": "2022-10-25T16:07:24.488292Z",
			"updated_at": "2026-04-10T02:00:05.006738Z",
			"deleted_at": null,
			"main_name": "Fxmsp",
			"aliases": [
				"ATK 134",
				"TAG-CR17"
			],
			"source_name": "ETDA:Fxmsp",
			"tools": [
				"RDP",
				"Remote Desktop Protocol"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434513,
	"ts_updated_at": 1775791927,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d775eb3e493c50ff7590f27b732fe6e2b387d72c.pdf",
		"text": "https://archive.orkl.eu/d775eb3e493c50ff7590f27b732fe6e2b387d72c.txt",
		"img": "https://archive.orkl.eu/d775eb3e493c50ff7590f27b732fe6e2b387d72c.jpg"
	}
}