{
	"id": "f67f0f6d-1223-44ba-be15-2c9bf193f3de",
	"created_at": "2026-04-06T00:07:39.522443Z",
	"updated_at": "2026-04-10T13:11:33.088444Z",
	"deleted_at": null,
	"sha1_hash": "f4362752ef1d5c9a77ee2026d8cf1c26b69e4477",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48160,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 21:41:03 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool GrewApacha\n Tool: GrewApacha\nNames GrewApacha\nCategory Malware\nType Backdoor\nDescription\n(Kaspersky) The threat actors used the above backdoor to collect information about infected computers and install additional malware on them.\nInformation Last change to this tool card: 27 August 2024\nDownload this tool card in JSON format\nAll groups using tool GrewApacha\nChanged Name Country Observed\nAPT groups\n APT 31, Judgment Panda, Zirconium 2016-Mar 2024\n CloudSorcerer [Unknown] 2024-Jul 2024\n2 groups listed (2 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=820a6b58-f941-4a75-a302-0e2da9730c54\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=820a6b58-f941-4a75-a302-0e2da9730c54\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=820a6b58-f941-4a75-a302-0e2da9730c54"
	],
	"report_names": [
		"listgroups.cgi?u=820a6b58-f941-4a75-a302-0e2da9730c54"
	],
	"threat_actors": [
		{
			"id": "aacd5cbc-604b-4b6e-9e58-ef96c5d1a784",
			"created_at": "2023-01-06T13:46:38.953463Z",
			"updated_at": "2026-04-10T02:00:03.159523Z",
			"deleted_at": null,
			"main_name": "APT31",
			"aliases": [
				"JUDGMENT PANDA",
				"BRONZE VINEWOOD",
				"Red keres",
				"Violet Typhoon",
				"TA412"
			],
			"source_name": "MISPGALAXY:APT31",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "5d1a4f32-cc52-4ee8-acab-993cfa2ef5ad",
			"created_at": "2024-07-09T02:00:04.425917Z",
			"updated_at": "2026-04-10T02:00:03.67013Z",
			"deleted_at": null,
			"main_name": "CloudSorcerer",
			"aliases": [],
			"source_name": "MISPGALAXY:CloudSorcerer",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "9e6186dd-9334-4aac-9957-98f022cd3871",
			"created_at": "2022-10-25T15:50:23.357398Z",
			"updated_at": "2026-04-10T02:00:05.368552Z",
			"deleted_at": null,
			"main_name": "ZIRCONIUM",
			"aliases": [
				"APT31",
				"Violet Typhoon"
			],
			"source_name": "MITRE:ZIRCONIUM",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "b1db2dce-5a2b-4fc4-85c2-d184acc956a0",
			"created_at": "2024-08-28T02:02:09.272572Z",
			"updated_at": "2026-04-10T02:00:04.622449Z",
			"deleted_at": null,
			"main_name": "CloudSorcerer",
			"aliases": [
				"Operation EastWind"
			],
			"source_name": "ETDA:CloudSorcerer",
			"tools": [
				"GrewApacha",
				"PlugY",
				"The CloudSorcerer"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "74d9dada-0106-414a-8bb9-b0d527db7756",
			"created_at": "2025-08-07T02:03:24.69718Z",
			"updated_at": "2026-04-10T02:00:03.733346Z",
			"deleted_at": null,
			"main_name": "BRONZE VINEWOOD",
			"aliases": [
				"APT31 ",
				"BRONZE EXPRESS ",
				"Judgment Panda ",
				"Red Keres",
				"TA412",
				"VINEWOOD ",
				"Violet Typhoon ",
				"ZIRCONIUM "
			],
			"source_name": "Secureworks:BRONZE VINEWOOD",
			"tools": [
				"DropboxAES RAT",
				"HanaLoader",
				"Metasploit",
				"Mimikatz",
				"Reverse ICMP shell",
				"Trochilus"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "dc7ee503-9494-4fb6-a678-440c68fd31d8",
			"created_at": "2022-10-25T16:07:23.349177Z",
			"updated_at": "2026-04-10T02:00:04.552639Z",
			"deleted_at": null,
			"main_name": "APT 31",
			"aliases": [
				"APT 31",
				"Bronze Vinewood",
				"G0128",
				"Judgment Panda",
				"Red Keres",
				"RedBravo",
				"TA412",
				"Violet Typhoon",
				"Zirconium"
			],
			"source_name": "ETDA:APT 31",
			"tools": [
				"9002 RAT",
				"Agent.dhwf",
				"AngryRebel",
				"CHINACHOPPER",
				"China Chopper",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"GrewApacha",
				"HOMEUNIX",
				"HiKit",
				"HidraQ",
				"Homux",
				"Hydraq",
				"Kaba",
				"Korplug",
				"McRAT",
				"MdmBot",
				"Moudour",
				"Mydoor",
				"PCRat",
				"PlugX",
				"RedDelta",
				"Roarur",
				"Sakula",
				"Sakula RAT",
				"Sakurel",
				"SinoChopper",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trochilus RAT",
				"Xamtrav"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434059,
	"ts_updated_at": 1775826693,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f4362752ef1d5c9a77ee2026d8cf1c26b69e4477.pdf",
		"text": "https://archive.orkl.eu/f4362752ef1d5c9a77ee2026d8cf1c26b69e4477.txt",
		"img": "https://archive.orkl.eu/f4362752ef1d5c9a77ee2026d8cf1c26b69e4477.jpg"
	}
}