{
	"id": "3e06c154-4e00-44e5-be1d-405cbb13b40b",
	"created_at": "2026-04-06T00:08:14.277929Z",
	"updated_at": "2026-04-10T13:12:07.284674Z",
	"deleted_at": null,
	"sha1_hash": "e5989211768a1105812bca6f8c9eaa47e59aa27d",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 29394,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 15:56:51 UTC\r\n(BleepingComputer) With the high ransom prices and big payouts of enterprise-targeting ransomware, we now\r\nhave another ransomware known as Mailto or Netwalker that is compromising enterprise networks and encrypting\r\nall of the Windows devices connected to it.\r\nIn August 2019 a new ransomware was spotted in ID Ransomware that was named Mailto based on the extension\r\nthat was appended to encrypted files.\r\nIt was not known until today when the Australian Toll Group disclosed that their network was attacked by the\r\nMailto ransomware, that we discovered that this ransomware is targeting the enterprise.\r\nIt should be noted that the ransomware has been commonly called the Mailto Ransomware due to the appended\r\nextension, but analysis of one of its decryptors indicates that it is named Netwalker.\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2780e90e-39b2-4609-938b-72c45e2a5e25\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2780e90e-39b2-4609-938b-72c45e2a5e25\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2780e90e-39b2-4609-938b-72c45e2a5e25"
	],
	"report_names": [
		"listgroups.cgi?u=2780e90e-39b2-4609-938b-72c45e2a5e25"
	],
	"threat_actors": [],
	"ts_created_at": 1775434094,
	"ts_updated_at": 1775826727,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e5989211768a1105812bca6f8c9eaa47e59aa27d.pdf",
		"text": "https://archive.orkl.eu/e5989211768a1105812bca6f8c9eaa47e59aa27d.txt",
		"img": "https://archive.orkl.eu/e5989211768a1105812bca6f8c9eaa47e59aa27d.jpg"
	}
}