{
	"id": "d463e9d7-2b4e-4747-94c7-b9a7b48ae4e3",
	"created_at": "2026-04-06T00:11:59.768856Z",
	"updated_at": "2026-04-10T03:20:54.584105Z",
	"deleted_at": null,
	"sha1_hash": "0beda49f3cff3f17ae889cbc5e0879da658999e4",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46555,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 21:53:46 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool GoldPickaxe\n Tool: GoldPickaxe\nNames GoldPickaxe\nCategory Malware\nType Banking trojan\nDescription\n(Group-IB) The GoldPickaxe family, which includes versions for iOS and Android, is based on\nthe GoldDigger Android Trojan and features regular updates designed to enhance their\ncapabilities and evade detection. GoldPickaxe.iOS, Group-IB researchers found, is capable of\ncollecting facial recognition data, identity documents, and intercepting SMS. Its Android\nsibling has the same functionality but also exhibits other functionalities typical of Android\nTrojans. To exploit the stolen biometric data, the threat actor utilizes AI-driven face-swapping\nservices to create deepfakes. This data combined with ID documents and the ability to\nintercept SMS, enables cybercriminals to gain unauthorized access to the victim’s banking\naccount – a new technique of monetary theft, previously unseen by Group-IB researchers in\nother fraud schemes.\nInformation Last change to this tool card: 07 March 2024\nDownload this tool card in JSON format\nAll groups using tool GoldPickaxe\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8ec4514b-485c-4391-ba81-02d06c44d33b\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8ec4514b-485c-4391-ba81-02d06c44d33b\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8ec4514b-485c-4391-ba81-02d06c44d33b\r\nPage 2 of 2\n\nUnknown groups _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8ec4514b-485c-4391-ba81-02d06c44d33b"
	],
	"report_names": [
		"listgroups.cgi?u=8ec4514b-485c-4391-ba81-02d06c44d33b"
	],
	"threat_actors": [],
	"ts_created_at": 1775434319,
	"ts_updated_at": 1775791254,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0beda49f3cff3f17ae889cbc5e0879da658999e4.pdf",
		"text": "https://archive.orkl.eu/0beda49f3cff3f17ae889cbc5e0879da658999e4.txt",
		"img": "https://archive.orkl.eu/0beda49f3cff3f17ae889cbc5e0879da658999e4.jpg"
	}
}