{
	"id": "d31b622f-58bc-4d70-8019-15632275c4c8",
	"created_at": "2026-04-06T00:10:17.526514Z",
	"updated_at": "2026-04-10T03:24:43.685446Z",
	"deleted_at": null,
	"sha1_hash": "ed8756fe22a00a716f68d055b88796532b0a089d",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 54355,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 20:55:57 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool VINETHORN\r\n Tool: VINETHORN\r\nNames VINETHORN\r\nCategory Malware\r\nType Reconnaissance, Backdoor, Info stealer\r\nDescription\r\n(Mandiant) VINETHORN is an Android malware family capable of a wide range of backdoor\r\nfunctionality. It can steal system information, read SMS inboxes, send SMS messages, access\r\ncontact lists and call histories, record audio and video, and track device location via GPS.\r\nInformation \u003chttps://www.mandiant.com/media/17826\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/apk.vinethorn\u003e\r\nLast change to this tool card: 22 June 2023\r\nDownload this tool card in JSON format\r\nAll groups using tool VINETHORN\r\nChanged Name Country Observed\r\nAPT groups\r\n  APT 42 2015-Feb 2024  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dcc97ca8-9309-494b-a8a0-3a237bba093c\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dcc97ca8-9309-494b-a8a0-3a237bba093c\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=dcc97ca8-9309-494b-a8a0-3a237bba093c"
	],
	"report_names": [
		"listgroups.cgi?u=dcc97ca8-9309-494b-a8a0-3a237bba093c"
	],
	"threat_actors": [
		{
			"id": "9f778366-a4a7-42f1-ab1e-362aa065ee4f",
			"created_at": "2022-10-25T16:07:23.362157Z",
			"updated_at": "2026-04-10T02:00:04.562925Z",
			"deleted_at": null,
			"main_name": "APT 42",
			"aliases": [
				"GreenBravo"
			],
			"source_name": "ETDA:APT 42",
			"tools": [
				"BROKEYOLK",
				"CHAIRSMACK",
				"CORRUPT KITTEN",
				"DOSTEALER",
				"GORBLE",
				"Ghambar",
				"MAGICDROP",
				"PINEFLOWER",
				"POWERPOST",
				"SILENTUPLOADER",
				"TABBYCAT",
				"TAMECAT",
				"VBREVSHELL",
				"VINETHORN"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434217,
	"ts_updated_at": 1775791483,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ed8756fe22a00a716f68d055b88796532b0a089d.pdf",
		"text": "https://archive.orkl.eu/ed8756fe22a00a716f68d055b88796532b0a089d.txt",
		"img": "https://archive.orkl.eu/ed8756fe22a00a716f68d055b88796532b0a089d.jpg"
	}
}