{
	"id": "f14f301d-0e84-4725-80f1-8c982594e4fd",
	"created_at": "2026-04-06T00:09:32.778677Z",
	"updated_at": "2026-04-10T03:32:06.68942Z",
	"deleted_at": null,
	"sha1_hash": "e6ae6daa52aeb2dba9b129cae16b2c1fa3111913",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 53315,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 16:46:53 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Sykipot\n Tool: Sykipot\nNames\nSykipot\nGetkys\nWkysol\nCategory Malware\nType Info stealer\nDescription\nSykipot is malware that has been used in spearphishing campaigns since approximately\n2007 against victims primarily in the US. One variant of Sykipot hijacks smart cards on\nvictims. The group using this malware has also been referred to as Sykipot.\nInformation\nMITRE ATT\u0026CK Malpedia AlienVault OTX Last change to this tool card: 14 May 2020\nDownload this tool card in JSON format\nAll groups using tool Sykipot\nChanged Name Country Observed\nAPT groups\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3a57821c-322c-4128-a839-b5db51d76fbc\nPage 1 of 2\n\nAPT 4, Maverick Panda, Wisp Team 2007-Oct 2018  \r\n  Samurai Panda 2009  \r\n2 groups listed (2 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3a57821c-322c-4128-a839-b5db51d76fbc\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3a57821c-322c-4128-a839-b5db51d76fbc\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=3a57821c-322c-4128-a839-b5db51d76fbc"
	],
	"report_names": [
		"listgroups.cgi?u=3a57821c-322c-4128-a839-b5db51d76fbc"
	],
	"threat_actors": [
		{
			"id": "4fda88fa-7c1f-4e84-b3c8-56f73f21aaf5",
			"created_at": "2022-10-25T16:07:24.147011Z",
			"updated_at": "2026-04-10T02:00:04.881289Z",
			"deleted_at": null,
			"main_name": "Samurai Panda",
			"aliases": [],
			"source_name": "ETDA:Samurai Panda",
			"tools": [
				"Agent.dhwf",
				"Destroy RAT",
				"DestroyRAT",
				"FF-RAT",
				"FormerFirstRAT",
				"Getkys",
				"IsSpace",
				"KABOB",
				"Kaba",
				"Korplug",
				"NfLog RAT",
				"PlugX",
				"Poldat",
				"RedDelta",
				"Sogu",
				"Sykipot",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Wkysol",
				"Xamtrav",
				"Zlib",
				"ffrat"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "68cc6e37-f16d-4995-a75b-5e8e2a6cbb3d",
			"created_at": "2024-05-01T02:03:07.943593Z",
			"updated_at": "2026-04-10T02:00:03.795229Z",
			"deleted_at": null,
			"main_name": "BRONZE EDISON",
			"aliases": [
				"APT4 ",
				"DarkSeoul",
				"Maverick Panda ",
				"Salmon Typhoon ",
				"Sodium ",
				"Sykipot ",
				"TG-0623 ",
				"getkys"
			],
			"source_name": "Secureworks:BRONZE EDISON",
			"tools": [
				"Gh0st RAT",
				"Wkysol",
				"ZxPortMap"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "2ac8fb39-1ad4-407c-bf51-249751a575ba",
			"created_at": "2023-01-06T13:46:38.337728Z",
			"updated_at": "2026-04-10T02:00:02.933527Z",
			"deleted_at": null,
			"main_name": "SAMURAI PANDA",
			"aliases": [
				"PLA Navy",
				"Wisp Team"
			],
			"source_name": "MISPGALAXY:SAMURAI PANDA",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d4ac28d1-66eb-4f2d-9f9b-a72394349fd0",
			"created_at": "2023-01-06T13:46:38.667954Z",
			"updated_at": "2026-04-10T02:00:03.061447Z",
			"deleted_at": null,
			"main_name": "APT4",
			"aliases": [
				"PLA Navy",
				"MAVERICK PANDA",
				"BRONZE EDISON",
				"SODIUM",
				"Salmon Typhoon"
			],
			"source_name": "MISPGALAXY:APT4",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6fbff48b-7a3e-4e54-ac22-b10f11e32337",
			"created_at": "2022-10-25T16:07:23.318008Z",
			"updated_at": "2026-04-10T02:00:04.539063Z",
			"deleted_at": null,
			"main_name": "APT 4",
			"aliases": [
				"APT 4",
				"Bronze Edison",
				"Maverick Panda",
				"Salmon Typhoo",
				"Sodium",
				"Sykipot",
				"TG-0623",
				"Wisp Team"
			],
			"source_name": "ETDA:APT 4",
			"tools": [
				"Getkys",
				"Sykipot",
				"Wkysol",
				"XMRig"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "593dd07d-853c-46cd-8117-e24061034bbf",
			"created_at": "2025-08-07T02:03:24.648074Z",
			"updated_at": "2026-04-10T02:00:03.625859Z",
			"deleted_at": null,
			"main_name": "BRONZE OVERBROOK",
			"aliases": [
				"Danti ",
				"DragonOK ",
				"Samurai Panda ",
				"Shallow Taurus ",
				"Temp.DragonOK "
			],
			"source_name": "Secureworks:BRONZE OVERBROOK",
			"tools": [
				"Aveo",
				"DDKONG",
				"Godzilla Webshell",
				"HelloBridge",
				"IsSpace",
				"NFLog Trojan",
				"PLAINTEE",
				"PlugX",
				"Rambo"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434172,
	"ts_updated_at": 1775791926,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e6ae6daa52aeb2dba9b129cae16b2c1fa3111913.pdf",
		"text": "https://archive.orkl.eu/e6ae6daa52aeb2dba9b129cae16b2c1fa3111913.txt",
		"img": "https://archive.orkl.eu/e6ae6daa52aeb2dba9b129cae16b2c1fa3111913.jpg"
	}
}