{
	"id": "f66dea12-8a3b-44bd-8170-483510be7a2d",
	"created_at": "2026-04-06T00:11:46.658797Z",
	"updated_at": "2026-04-10T03:33:30.062355Z",
	"deleted_at": null,
	"sha1_hash": "e37fb8926362637bbd701af6eadc5b2bd4b8d5d2",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47142,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:44:40 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Lurk\n Tool: Lurk\nNames Lurk\nCategory Malware\nType Downloader, Dropper\nDescription\n(SecureWorks) Lurk is a malware downloader that uses digital steganography: the art of\nhiding secret information within a digital format, such as an image, audio, or video file.\nLurk specifically uses an algorithm that can embed encrypted URLs into an image file by\ninconspicuously manipulating individual pixels. The resulting image contains additional\ndata that is virtually invisible to an observer. Lurk's primary purpose is to download and\nexecute secondary malware payloads. In particular, the Dell SecureWorks Counter Threat\nUnit (CTU) research team has observed Lurk dropping malware used to commit click\nfraud.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 23 April 2020\nDownload this tool card in JSON format\nAll groups using tool Lurk\nChanged Name Country Observed\nAPT groups\n Lurk 2011-Jun 2016\n1 group listed (1 APT, 0 other, 0 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=da559a29-29ea-4956-8769-018b791db49a\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=da559a29-29ea-4956-8769-018b791db49a\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=da559a29-29ea-4956-8769-018b791db49a\r\nPage 2 of 2\n\nAPT groups Lurk 2011-Jun 2016  \n1 group listed (1 APT, 0 other, 0 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=da559a29-29ea-4956-8769-018b791db49a"
	],
	"report_names": [
		"listgroups.cgi?u=da559a29-29ea-4956-8769-018b791db49a"
	],
	"threat_actors": [
		{
			"id": "dcba8e2b-93e0-4d6e-a15f-5c44faebc3b1",
			"created_at": "2022-10-25T16:07:23.816991Z",
			"updated_at": "2026-04-10T02:00:04.758143Z",
			"deleted_at": null,
			"main_name": "Lurk",
			"aliases": [],
			"source_name": "ETDA:Lurk",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434306,
	"ts_updated_at": 1775792010,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e37fb8926362637bbd701af6eadc5b2bd4b8d5d2.pdf",
		"text": "https://archive.orkl.eu/e37fb8926362637bbd701af6eadc5b2bd4b8d5d2.txt",
		"img": "https://archive.orkl.eu/e37fb8926362637bbd701af6eadc5b2bd4b8d5d2.jpg"
	}
}