{
	"id": "2b6ee625-bb36-4703-acb3-d54f64fef9a8",
	"created_at": "2026-04-06T00:07:17.799945Z",
	"updated_at": "2026-04-10T03:24:09.72525Z",
	"deleted_at": null,
	"sha1_hash": "e20e9d5c01f439cc87dd3dc838b5ecd7f6fe8146",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43121,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 19:03:49 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool SUN4ME\r\nTool: SUN4ME\r\nNames: SUN4ME\r\nCategory: Malware\r\nType: Reconnaissance\r\nDescription:\r\n(Mandiant) UNC2891 had deployed different versions of an extensive toolkit which appears to be developed under the name SUN4ME. SUN4ME contains tools for network reconnaissance, host enumeration, exploitation of known vulnerabilities, log wiping, file operations, as well as common shell utilities.\r\nInformation: \u003chttps://www.mandiant.com/resources/unc2891-overview\u003e\r\nLast change to this tool card: 03 April 2022\r\nDownload this tool card in JSON format\r\nAll groups using tool SUN4ME\r\nChanged Name Country Observed\r\nAPT groups\r\n  UNC2891 [Unknown] 2020  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5f84bf2e-2a39-4843-bb18-d4d6fd20d751\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5f84bf2e-2a39-4843-bb18-d4d6fd20d751\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5f84bf2e-2a39-4843-bb18-d4d6fd20d751"
	],
	"report_names": [
		"listgroups.cgi?u=5f84bf2e-2a39-4843-bb18-d4d6fd20d751"
	],
	"threat_actors": [
		{
			"id": "8b0219d5-cb32-4702-a4d6-7de8beb9b7a8",
			"created_at": "2022-10-25T16:07:24.364598Z",
			"updated_at": "2026-04-10T02:00:04.955871Z",
			"deleted_at": null,
			"main_name": "UNC2891",
			"aliases": [],
			"source_name": "ETDA:UNC2891",
			"tools": [
				"BINBASH",
				"CAKETAP",
				"MIGLOGCLEANER",
				"SLAPSTICK",
				"STEELCORGI",
				"STEELHOUND",
				"SUN4ME",
				"Tiny SHell",
				"WINGCRACK",
				"WINGHOOK",
				"WIPERIGHT",
				"tsh"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434037,
	"ts_updated_at": 1775791449,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e20e9d5c01f439cc87dd3dc838b5ecd7f6fe8146.pdf",
		"text": "https://archive.orkl.eu/e20e9d5c01f439cc87dd3dc838b5ecd7f6fe8146.txt",
		"img": "https://archive.orkl.eu/e20e9d5c01f439cc87dd3dc838b5ecd7f6fe8146.jpg"
	}
}