{
	"id": "2bd2a192-7587-407c-9811-8689278c8f5c",
	"created_at": "2026-04-06T00:16:49.517018Z",
	"updated_at": "2026-04-10T13:11:27.72701Z",
	"deleted_at": null,
	"sha1_hash": "e8d4f6d41a3f21d0d41551b20eb3cfa83b1f8b13",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 51786,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-02 11:27:20 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Ramnit\n Tool: Ramnit\nNames\nRamnit\nNimnul\nCategory Malware\nType Banking trojan, Credential stealer, Info stealer, Exfiltration\nDescription\n(Cybereason) The Ramnit Trojan is a type of malware able to exfiltrate sensitive data.\nThis kind of data can include anything ranging from banking credentials, FTP passwords,\nsession cookies, and personal data. Leaking this information can easily destroy user trust\nin a business, and in the process lose customers and ruin reputations. Luckily, our\nonboarding was timely, and was able to detect the trojan just as it was beginning to\nexfiltrate information. Our customer used our remediation tool immediately to stop the\nexfiltration in its tracks.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 03 February 2022\nDownload this tool card in JSON format\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=662b809d-91d0-4190-b58d-b9080d2f70c3\nPage 1 of 2\n\nAll groups using tool Ramnit\r\nChanged Name Country Observed\r\nOther groups\r\n  TA554 [Unknown] 2017  \r\n1 group listed (0 APT, 1 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=662b809d-91d0-4190-b58d-b9080d2f70c3\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=662b809d-91d0-4190-b58d-b9080d2f70c3\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=662b809d-91d0-4190-b58d-b9080d2f70c3"
	],
	"report_names": [
		"listgroups.cgi?u=662b809d-91d0-4190-b58d-b9080d2f70c3"
	],
	"threat_actors": [
		{
			"id": "a3808e4f-c7fd-4d25-aa84-aacc27061826",
			"created_at": "2023-01-06T13:46:39.316216Z",
			"updated_at": "2026-04-10T02:00:03.285437Z",
			"deleted_at": null,
			"main_name": "TA554",
			"aliases": [
				"TH-163"
			],
			"source_name": "MISPGALAXY:TA554",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "9be98f84-4a93-41c7-90bd-3ea66ba5bfd7",
			"created_at": "2022-10-25T16:07:24.581954Z",
			"updated_at": "2026-04-10T02:00:05.040995Z",
			"deleted_at": null,
			"main_name": "TA554",
			"aliases": [
				"TH-163"
			],
			"source_name": "ETDA:TA554",
			"tools": [
				"DarkVNC",
				"Godzilla",
				"Godzilla Loader",
				"Gootkit",
				"Gootloader",
				"Gozi ISFB",
				"ISFB",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Nimnul",
				"Pandemyia",
				"PsiX",
				"PsiXBot",
				"Ramnit",
				"StarsLord",
				"Waldek",
				"Xswkit",
				"sLoad",
				"talalpek"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434609,
	"ts_updated_at": 1775826687,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e8d4f6d41a3f21d0d41551b20eb3cfa83b1f8b13.pdf",
		"text": "https://archive.orkl.eu/e8d4f6d41a3f21d0d41551b20eb3cfa83b1f8b13.txt",
		"img": "https://archive.orkl.eu/e8d4f6d41a3f21d0d41551b20eb3cfa83b1f8b13.jpg"
	}
}