{ "id": "0918c773-79b0-4716-a6e8-78c3990e53cb", "created_at": "2026-04-06T00:11:55.171798Z", "updated_at": "2026-04-10T03:28:17.906163Z", "deleted_at": null, "sha1_hash": "fe832da28078f55f28b957414219ba0785da27cf", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 55974, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 13:29:17 UTC\r\n APT group: TaskMasters\r\nNames TaskMasters (Positive Technologies)\r\nCountry China\r\nMotivation Information theft and espionage\r\nFirst seen 2010\r\nDescription\r\n(Positive Technologies}) The main objective of the group is to steal confidential\r\ninformation. The attackers attempt to burrow into corporate information systems for\r\nextended periods and obtain access to key servers, executive workstations, and\r\nbusiness-critical systems.\r\nAt one of the attacked companies, the earliest traces of the group's presence on\r\ninfrastructure dated to 2010. Since the group had obtained full control of some\r\nservers and workstations by that time, the initial breach must have occurred much\r\nearlier.\r\nMost of the attacked companies relate to manufacturing and industry. In total we are\r\naware of compromise of over 30 companies and organizations in various sectors,\r\nincluding:\r\n• Manufacturing and industry\r\n• Energy\r\n• Government\r\n• Science and technology\r\n• Systems integration\r\n• Software development\r\n• Geology\r\n• Transport and logistics\r\n• Real estate\r\n• Construction\r\nThe group attacked companies in a number of countries. A significant number of\r\ntheir targets were located in Russia and the CIS.\r\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=d07c892e-b93a-4850-a6d1-ef90f8c6ff1c\r\nPage 1 of 2\n\nObserved\nSectors: Construction, Energy, Government, IT, Manufacturing, Shipping and\nLogistics, Technology, Transportation and Systems integration and Real estate.\nCountries: Russia and CIS.\nTools used\n404-Input-shell web shell, ASPXSpy, AtNow, DbxDump Utility, gsecdump, HTran,\njsp File browser, Mimikatz, nbtscan, PortScan, ProcDump, PsExec, PsList, pwdump,\nreGeorg, RemShell, RemShell Downloader.\nOperations performed May 2021\nChinese APTs attack Russia\nInformation Last change to this card: 10 August 2021\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d07c892e-b93a-4850-a6d1-ef90f8c6ff1c\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=d07c892e-b93a-4850-a6d1-ef90f8c6ff1c\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/showcard.cgi?u=d07c892e-b93a-4850-a6d1-ef90f8c6ff1c" ], "report_names": [ "showcard.cgi?u=d07c892e-b93a-4850-a6d1-ef90f8c6ff1c" ], "threat_actors": [ { "id": "ed4c7e37-461f-40f1-ad43-6ad7e21b32bc", "created_at": "2022-10-25T16:07:24.303712Z", "updated_at": "2026-04-10T02:00:04.929134Z", "deleted_at": null, "main_name": "TaskMasters", "aliases": [], "source_name": "ETDA:TaskMasters", "tools": [ "404-Input-shell web shell", "ASPXSpy", "ASPXTool", "AtNow", "DbxDump Utility", "HTran", "HUC Packet Transmit Tool", "Mimikatz", "NBTscan", "PortScan", "ProcDump", "PsExec", "PsList", "RemShell", "RemShell Downloader", "gsecdump", "jsp File browser", "nbtscan", "pwdump", "reGeorg" ], "source_id": "ETDA", "reports": null }, { "id": "4ae78ca3-8bc8-4d67-9df1-a85df250a8a0", "created_at": "2024-10-08T02:00:04.469211Z", "updated_at": "2026-04-10T02:00:03.726781Z", "deleted_at": null, "main_name": "TaskMasters", "aliases": [ "BlueTraveller" ], "source_name": "MISPGALAXY:TaskMasters", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434315, "ts_updated_at": 1775791697, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/fe832da28078f55f28b957414219ba0785da27cf.pdf", "text": "https://archive.orkl.eu/fe832da28078f55f28b957414219ba0785da27cf.txt", "img": "https://archive.orkl.eu/fe832da28078f55f28b957414219ba0785da27cf.jpg" } }