{
	"id": "80849dcd-a810-4f43-a468-35bcfecf05a4",
	"created_at": "2026-04-06T00:11:21.067606Z",
	"updated_at": "2026-04-10T03:29:44.343471Z",
	"deleted_at": null,
	"sha1_hash": "f720ea5688d723051d18cdc3ac50619b26da8e3f",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47549,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 19:19:50 UTC\n APT group: LazyScripter\nNames\nLazyScripter (Malwarebytes)\nG0140 (MITRE)\nCountry [Unknown]\nMotivation Information theft and espionage\nFirst seen 2018\nDescription\n(Malwarebytes) Malwarebytes’ Threat Intelligence analysts are continually researching\nand monitoring active malware campaigns and actor groups as the prevalence and\nsophistication of targeted attacks rapidly evolves. In this paper, we introduce a new APT\ngroup we have named LazyScripter, presenting in-depth analysis of the tactics,\ntechniques, procedures, and infrastructure employed by this actor group.\nObserved\nSectors: Aviation.\nCountries: Canada.\nTools used\nAdwind, EmpireProject, Empoder, Invoke-Ngrok, Koadic, KOCTOPUS, Luminosity\nRAT, Nishang, njRAT, Octopus, QuasarRAT, RemcosRAT, RMS.\nInformation MITRE ATT\u0026CK Last change to this card: 16 August 2025\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=84510b1b-3499-4a9f-bbeb-90b391e3d2cf\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=84510b1b-3499-4a9f-bbeb-90b391e3d2cf\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=84510b1b-3499-4a9f-bbeb-90b391e3d2cf"
	],
	"report_names": [
		"showcard.cgi?u=84510b1b-3499-4a9f-bbeb-90b391e3d2cf"
	],
	"threat_actors": [
		{
			"id": "b20281dd-8cc4-4284-b85c-f98c7e09ae48",
			"created_at": "2022-10-25T15:50:23.642844Z",
			"updated_at": "2026-04-10T02:00:05.392724Z",
			"deleted_at": null,
			"main_name": "LazyScripter",
			"aliases": [
				"LazyScripter"
			],
			"source_name": "MITRE:LazyScripter",
			"tools": [
				"Remcos",
				"QuasarRAT",
				"njRAT",
				"ngrok",
				"Koadic",
				"KOCTOPUS"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "712fc9fa-4283-431b-882c-5e0de9c12452",
			"created_at": "2022-10-25T16:07:23.770209Z",
			"updated_at": "2026-04-10T02:00:04.745132Z",
			"deleted_at": null,
			"main_name": "LazyScripter",
			"aliases": [
				"G0140"
			],
			"source_name": "ETDA:LazyScripter",
			"tools": [
				"Adwind",
				"Adwind RAT",
				"Alien Spy",
				"AlienSpy",
				"Bladabindi",
				"CinaRAT",
				"EmPyre",
				"EmpireProject",
				"Empoder",
				"Frutas",
				"Gussdoor",
				"Invoke-Ngrok",
				"JBifrost RAT",
				"JSocket",
				"Jorik",
				"KOCTOPUS",
				"Koadic",
				"Luminosity RAT",
				"LuminosityLink",
				"Nishang",
				"PowerShell Empire",
				"Quasar RAT",
				"QuasarRAT",
				"Remcos",
				"RemcosRAT",
				"Remote Manipulator System",
				"Remvio",
				"RuRAT",
				"Sockrat",
				"Socmer",
				"Trojan.Maljava",
				"UnReCoM",
				"Unknown RAT",
				"Unrecom",
				"Yggdrasil",
				"jBiFrost",
				"jConnectPro RAT",
				"jFrutas",
				"njRAT"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434281,
	"ts_updated_at": 1775791784,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f720ea5688d723051d18cdc3ac50619b26da8e3f.pdf",
		"text": "https://archive.orkl.eu/f720ea5688d723051d18cdc3ac50619b26da8e3f.txt",
		"img": "https://archive.orkl.eu/f720ea5688d723051d18cdc3ac50619b26da8e3f.jpg"
	}
}