{
	"id": "220828b1-9e6c-4932-a2d4-49af4c648ef0",
	"created_at": "2026-04-06T00:17:47.855818Z",
	"updated_at": "2026-04-10T03:36:08.344387Z",
	"deleted_at": null,
	"sha1_hash": "fc3704b0f5f94d0a05455c55e8ebc487bf392023",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49553,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 17:06:16 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool VenomLNK\n Tool: VenomLNK\nNames VenomLNK\nCategory Exploits\nType Loader\nDescription\n(QuoINT) We have observed a Windows Shortcut file dubbed as VenomLNK used in various\ncampaigns involving different infection chains. We hypothesize this is a new variation of a\npreviously highlighted malicious document kit builder known as VenomKit, a building-kit tool\nthat threat actors use to craft malicious Rich Text File (RTF) documents that exploit multiple\nvulnerabilities. Successful exploitation of those vulnerabilities leads to the delivery of batch\nand scriptlet files on a system and execution to download the second stage payload from a Web\nresource.\nInformation\nMalpedia Last change to this tool card: 24 April 2021\nDownload this tool card in JSON format\nAll groups using tool VenomLNK\nChanged Name Country Observed\nAPT groups\n Venom Spider, Golden Chickens 2017-Jan 2025\n1 group listed (1 APT, 0 other, 0 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9a5487b5-7aeb-4cfa-8756-3354a0130f02\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9a5487b5-7aeb-4cfa-8756-3354a0130f02\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9a5487b5-7aeb-4cfa-8756-3354a0130f02\r\nPage 2 of 2\n\nAPT groups Venom Spider, Golden Chickens 2017-Jan 2025 \n1 group listed (1 APT, 0 other, 0 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=9a5487b5-7aeb-4cfa-8756-3354a0130f02"
	],
	"report_names": [
		"listgroups.cgi?u=9a5487b5-7aeb-4cfa-8756-3354a0130f02"
	],
	"threat_actors": [
		{
			"id": "f5c90ccc-0f18-4e07-a246-b62101ab2f6f",
			"created_at": "2023-01-06T13:46:38.854407Z",
			"updated_at": "2026-04-10T02:00:03.122844Z",
			"deleted_at": null,
			"main_name": "GC02",
			"aliases": [
				"Golden Chickens",
				"Golden Chickens02",
				"Golden Chickens 02"
			],
			"source_name": "MISPGALAXY:GC02",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "f2fa9952-301f-4376-ac69-743d6f2bec1e",
			"created_at": "2023-01-06T13:46:39.122721Z",
			"updated_at": "2026-04-10T02:00:03.22231Z",
			"deleted_at": null,
			"main_name": "VENOM SPIDER",
			"aliases": [
				"badbullz",
				"badbullzvenom"
			],
			"source_name": "MISPGALAXY:VENOM SPIDER",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "88802a4b-5b3d-42ee-99e6-8a4f5fd231f6",
			"created_at": "2023-01-06T13:46:38.851345Z",
			"updated_at": "2026-04-10T02:00:03.121861Z",
			"deleted_at": null,
			"main_name": "GC01",
			"aliases": [
				"Golden Chickens",
				"Golden Chickens01",
				"Golden Chickens 01"
			],
			"source_name": "MISPGALAXY:GC01",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7a257844-df90-4bd4-b0f1-77d00ff82802",
			"created_at": "2022-10-25T16:07:24.376356Z",
			"updated_at": "2026-04-10T02:00:04.964565Z",
			"deleted_at": null,
			"main_name": "Venom Spider",
			"aliases": [
				"Golden Chickens",
				"TA4557",
				"Venom Spider"
			],
			"source_name": "ETDA:Venom Spider",
			"tools": [
				"More_eggs",
				"PureLocker",
				"SONE",
				"SpicyOmelette",
				"StealerOne",
				"Taurus Builder",
				"Taurus Builder Kit",
				"Taurus Loader",
				"Taurus Loader Reconnaissance Module",
				"Taurus Loader Stealer Module",
				"Taurus Loader TeamViewer Module",
				"Terra Loader",
				"TerraCrypt",
				"TerraLogger",
				"TerraPreter",
				"TerraRecon",
				"TerraStealer",
				"TerraTV",
				"TerraWiper",
				"ThreatKit",
				"VenomKit",
				"VenomLNK",
				"lite_more_eggs"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434667,
	"ts_updated_at": 1775792168,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fc3704b0f5f94d0a05455c55e8ebc487bf392023.pdf",
		"text": "https://archive.orkl.eu/fc3704b0f5f94d0a05455c55e8ebc487bf392023.txt",
		"img": "https://archive.orkl.eu/fc3704b0f5f94d0a05455c55e8ebc487bf392023.jpg"
	}
}