{
	"id": "78b040c6-426e-42d6-8d03-ca6109b95f81",
	"created_at": "2026-04-06T01:30:40.259685Z",
	"updated_at": "2026-04-10T13:13:07.715274Z",
	"deleted_at": null,
	"sha1_hash": "e9930da212c5168ff2372c66425fbbd556094f7e",
	"title": "Ngrok - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43932,
	"plain_text": "Ngrok - Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-06 01:03:10 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Invoke-Ngrok\r\n Tool: Invoke-Ngrok\r\nNames Invoke-Ngrok\r\nCategory Tools\r\nType Remote command\r\nDescription\r\nExpose local port of a remote victim over Internet. Use it to exploit or access local service\r\nremotely without public IP (RDP, SQL, SSH, SMB, FTP ...)\r\nInformation \u003chttps://github.com/benyG/Invoke-Ngrok\u003e\r\nLast change to this tool card: 19 April 2021\r\nDownload this tool card in JSON format\r\nAll groups using tool Invoke-Ngrok\r\nChanged Name Country Observed\r\nAPT groups\r\n  LazyScripter [Unknown] 2018  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9af4762a-2041-45d6-ae57-57deb8a93a11\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9af4762a-2041-45d6-ae57-57deb8a93a11\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9af4762a-2041-45d6-ae57-57deb8a93a11"
	],
	"report_names": [
		"listgroups.cgi?u=9af4762a-2041-45d6-ae57-57deb8a93a11"
	],
	"threat_actors": [
		{
			"id": "b20281dd-8cc4-4284-b85c-f98c7e09ae48",
			"created_at": "2022-10-25T15:50:23.642844Z",
			"updated_at": "2026-04-10T02:00:05.392724Z",
			"deleted_at": null,
			"main_name": "LazyScripter",
			"aliases": [
				"LazyScripter"
			],
			"source_name": "MITRE:LazyScripter",
			"tools": [
				"Remcos",
				"QuasarRAT",
				"njRAT",
				"ngrok",
				"Koadic",
				"KOCTOPUS"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "712fc9fa-4283-431b-882c-5e0de9c12452",
			"created_at": "2022-10-25T16:07:23.770209Z",
			"updated_at": "2026-04-10T02:00:04.745132Z",
			"deleted_at": null,
			"main_name": "LazyScripter",
			"aliases": [
				"G0140"
			],
			"source_name": "ETDA:LazyScripter",
			"tools": [
				"Adwind",
				"Adwind RAT",
				"Alien Spy",
				"AlienSpy",
				"Bladabindi",
				"CinaRAT",
				"EmPyre",
				"EmpireProject",
				"Empoder",
				"Frutas",
				"Gussdoor",
				"Invoke-Ngrok",
				"JBifrost RAT",
				"JSocket",
				"Jorik",
				"KOCTOPUS",
				"Koadic",
				"Luminosity RAT",
				"LuminosityLink",
				"Nishang",
				"PowerShell Empire",
				"Quasar RAT",
				"QuasarRAT",
				"Remcos",
				"RemcosRAT",
				"Remote Manipulator System",
				"Remvio",
				"RuRAT",
				"Sockrat",
				"Socmer",
				"Trojan.Maljava",
				"UnReCoM",
				"Unknown RAT",
				"Unrecom",
				"Yggdrasil",
				"jBiFrost",
				"jConnectPro RAT",
				"jFrutas",
				"njRAT"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439040,
	"ts_updated_at": 1775826787,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e9930da212c5168ff2372c66425fbbd556094f7e.pdf",
		"text": "https://archive.orkl.eu/e9930da212c5168ff2372c66425fbbd556094f7e.txt",
		"img": "https://archive.orkl.eu/e9930da212c5168ff2372c66425fbbd556094f7e.jpg"
	}
}