{
	"id": "dd750c60-3dde-4d1e-957a-3a4a39e82bb3",
	"created_at": "2026-04-06T00:10:38.238551Z",
	"updated_at": "2026-04-10T03:28:53.845984Z",
	"deleted_at": null,
	"sha1_hash": "e63ef3edd0848e194142647c5d80d5debdbd16e1",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43304,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 18:26:05 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool SnifLite\r\n Tool: SnifLite\r\nNames SnifLite\r\nCategory Malware\r\nType Credential stealer\r\nDescription\r\n(Group-IB) After deobfuscating the code, Group-IB found that the attacks used a sniffer from\r\nthe SnifLite family, already known to Group-IB experts and used by the threat actor\r\nUltraRank. Due to the relatively small number of infected websites, the attackers most likely\r\nused the credentials in the CMS administrative panel, which, in turn, could have been\r\ncompromised using malware or as a result of brute force attacks.\r\nInformation \u003chttps://www.group-ib.com/blog/ultrarank\u003e\r\nLast change to this tool card: 07 January 2021\r\nDownload this tool card in JSON format\r\nAll groups using tool SnifLite\r\nChanged Name Country Observed\r\nAPT groups\r\n  UltraRank [Unknown] 2015-Nov 2020  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a66b3b44-3a8f-4fba-9a0e-956abc89f879\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a66b3b44-3a8f-4fba-9a0e-956abc89f879\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a66b3b44-3a8f-4fba-9a0e-956abc89f879"
	],
	"report_names": [
		"listgroups.cgi?u=a66b3b44-3a8f-4fba-9a0e-956abc89f879"
	],
	"threat_actors": [
		{
			"id": "d802a34a-fcca-484e-8b12-1f0c721fccbe",
			"created_at": "2022-10-25T16:07:24.35515Z",
			"updated_at": "2026-04-10T02:00:04.951945Z",
			"deleted_at": null,
			"main_name": "UltraRank",
			"aliases": [],
			"source_name": "ETDA:UltraRank",
			"tools": [
				"SnifLite"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434238,
	"ts_updated_at": 1775791733,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e63ef3edd0848e194142647c5d80d5debdbd16e1.pdf",
		"text": "https://archive.orkl.eu/e63ef3edd0848e194142647c5d80d5debdbd16e1.txt",
		"img": "https://archive.orkl.eu/e63ef3edd0848e194142647c5d80d5debdbd16e1.jpg"
	}
}