{ "id": "9a2383e6-3320-48da-b771-75c0acb458a5", "created_at": "2026-04-06T00:19:55.44646Z", "updated_at": "2026-04-10T03:28:04.446677Z", "deleted_at": null, "sha1_hash": "f61936614bec2ad4ab1e987e4c5d1362f58ab3ed", "title": "Non-sucking Service Manager - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 53773, "plain_text": "Non-sucking Service Manager - Threat Group Cards: A Threat\r\nActor Encyclopedia\r\nArchived: 2026-04-05 20:48:32 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Non-sucking Service Manager\r\n Tool: Non-sucking Service Manager\r\nNames\r\nNon-sucking Service Manager\r\nNSSM\r\nCategory Tools\r\nDescription\r\nThe genuine nssm.exe file is a software component of NSSM by Iian Patterson.\r\nNon-Sucking Service Manager is a service manager for Microsoft Windows. Nssm.exe\r\nlaunches the Non-Sucking Service Manager program. This is not an essential Windows\r\nprocess and can be disabled if known to create problems. NSSM is a free utility that manages\r\nbackground and foreground services and processes. The program can be set to automatically\r\nrestart failing services. The program also logs all progress in an Event Log, making it easier to\r\nidentify applications that aren't behaving as they should.\r\nInformation \u003chttps://www.file.net/process/nssm.exe.html\u003e\r\nLast change to this tool card: 20 April 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool Non-sucking Service Manager\r\nChanged Name Country Observed\r\nAPT groups\r\n  Chafer, APT 39 2014-Sep 2020\r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f17f40a9-f9d0-42d5-9e69-72146a0038cb\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f17f40a9-f9d0-42d5-9e69-72146a0038cb\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f17f40a9-f9d0-42d5-9e69-72146a0038cb" ], "report_names": [ "listgroups.cgi?u=f17f40a9-f9d0-42d5-9e69-72146a0038cb" ], "threat_actors": [ { "id": "62947fad-14d2-40bf-a721-b1fc2fbe5b5d", "created_at": "2025-08-07T02:03:24.741594Z", "updated_at": "2026-04-10T02:00:03.653394Z", "deleted_at": null, "main_name": "COBALT HICKMAN", "aliases": [ "APT39 ", "Burgundy Sandstorm ", "Chafer ", "ITG07 ", "Remix Kitten " ], "source_name": "Secureworks:COBALT HICKMAN", "tools": [ "MechaFlounder", "Mimikatz", "Remexi", "TREKX" ], "source_id": "Secureworks", "reports": null }, { "id": "bee22874-f90e-410b-93f3-a2f9b1c2e695", "created_at": "2022-10-25T16:07:23.45097Z", "updated_at": "2026-04-10T02:00:04.610108Z", "deleted_at": null, "main_name": "Chafer", "aliases": [ "APT 39", "Burgundy Sandstorm", "Cobalt Hickman", "G0087", "ITG07", "Radio Serpens", "Remix Kitten", "TA454" ], "source_name": "ETDA:Chafer", "tools": [ "ASPXSpy", "ASPXTool", "Antak", "CACHEMONEY", "EternalBlue", "HTTPTunnel", "LOLBAS", "LOLBins", "Living off the Land", "MechaFlounder", "Metasploit", "Mimikatz", "NBTscan", "NSSM", "Non-sucking Service Manager", "POWBAT", "Plink", "PuTTY Link", "Rana", "Remcom", "Remexi", "RemoteCommandExecution", "SafetyKatz", "UltraVNC", "WCE", "Windows Credential Editor", "Windows Credentials Editor", "nbtscan", "pwdump" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434795, "ts_updated_at": 1775791684, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f61936614bec2ad4ab1e987e4c5d1362f58ab3ed.pdf", "text": "https://archive.orkl.eu/f61936614bec2ad4ab1e987e4c5d1362f58ab3ed.txt", "img": "https://archive.orkl.eu/f61936614bec2ad4ab1e987e4c5d1362f58ab3ed.jpg" } }