{
	"id": "1279f183-0dd3-41cd-ab42-9c062e2cdaa3",
	"created_at": "2026-04-06T00:16:44.352968Z",
	"updated_at": "2026-04-10T03:25:13.253994Z",
	"deleted_at": null,
	"sha1_hash": "e9b20d4e14e2387c33af50e11f9786be819b3bcd",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50339,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-02 10:39:06 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool ProLock\n Tool: ProLock\nNames\nProLock\nPwndLocker\nCategory Malware\nType Ransomware, Big Game Hunting\nDescription\n(ZDNet) In most of the incidents analyzed by security researchers, the ProLock\nransomware was deployed on networks that have been previously infected with the\nQakBot trojan.\nThe Qakbot trojan is distributed via email spam campaigns or is dropped as a second-stage payload on computers previously infected with the Emotet trojan. System\nadministrators who find computers infected with either of these two malware strains\nshould isolate systems and audit their networks, as the ProLock gang could be already\nwandering around their systems.\nInformation\nMITRE ATT\u0026CK Malpedia AlienVault OTX Last change to this tool card: 30 December 2022\nDownload this tool card in JSON format\nAll groups using tool ProLock\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2f0e2d3f-e9a2-40a1-8708-3a0dc89af7fb\nPage 1 of 2\n\nChanged Name Country Observed\r\nAPT groups\r\n  Mallard Spider [Unknown] 2008-Dec 2020  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2f0e2d3f-e9a2-40a1-8708-3a0dc89af7fb\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2f0e2d3f-e9a2-40a1-8708-3a0dc89af7fb\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2f0e2d3f-e9a2-40a1-8708-3a0dc89af7fb"
	],
	"report_names": [
		"listgroups.cgi?u=2f0e2d3f-e9a2-40a1-8708-3a0dc89af7fb"
	],
	"threat_actors": [
		{
			"id": "aa5b200f-a6c6-4d17-bc65-911d9a7bf4ef",
			"created_at": "2022-10-25T16:07:23.866039Z",
			"updated_at": "2026-04-10T02:00:04.765416Z",
			"deleted_at": null,
			"main_name": "Mallard Spider",
			"aliases": [
				"Gold Lagoon"
			],
			"source_name": "ETDA:Mallard Spider",
			"tools": [
				"Egregor",
				"Mimikatz",
				"Oakboat",
				"PinkSlip",
				"Pinkslipbot",
				"ProLock",
				"PwndLocker",
				"QakBot",
				"Qbot",
				"QuackBot",
				"QuakBot"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d5cb8d20-b5b9-4ec6-9660-3dded9bd3c89",
			"created_at": "2023-01-06T13:46:39.204681Z",
			"updated_at": "2026-04-10T02:00:03.245695Z",
			"deleted_at": null,
			"main_name": "MALLARD SPIDER",
			"aliases": [
				"GOLD LAGOON"
			],
			"source_name": "MISPGALAXY:MALLARD SPIDER",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434604,
	"ts_updated_at": 1775791513,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e9b20d4e14e2387c33af50e11f9786be819b3bcd.pdf",
		"text": "https://archive.orkl.eu/e9b20d4e14e2387c33af50e11f9786be819b3bcd.txt",
		"img": "https://archive.orkl.eu/e9b20d4e14e2387c33af50e11f9786be819b3bcd.jpg"
	}
}