{
	"id": "c4789622-a8cb-4f4f-936a-1a7d5b458f1e",
	"created_at": "2026-04-06T03:37:43.870394Z",
	"updated_at": "2026-04-10T13:11:44.115857Z",
	"deleted_at": null,
	"sha1_hash": "11ebfed8575057bd39c721721b201246579b6e3e",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 52546,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-06 02:59:15 UTC\r\nTool: Ploutus\r\nNames\r\nPloutus\r\nPloutus ATM\r\nPlotus\r\nCategory Malware\r\nType ATM malware\r\nDescription\r\n(Symantec) According to external sources, the malware is transferred to the ATM by physically inserting a new boot disk into the CD-ROM drive. The boot disk then transfers malware.\r\nThe criminals created an interface to interact with the ATM software on a compromised ATM, and are therefore able to withdraw all the available money from the containers holding the cash, also known as cassettes.\r\nOne interesting part to note is that the criminals are also able to read all the information typed by cardholders through the ATM keypad, enabling them to steal the sensitive information without using any external device.\r\nInformation\r\n\u003chttps://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=4274cb7f-d65d-4928-bdf4-0275eedc80d2\u0026CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68\u0026tab=librarydocuments\u003e\r\n\u003chttps://community.broadcom.com/symantecenterprise/communities/community-home/librarydocuments/viewdocument?DocumentKey=54602160-07ea-4dbb-8794-14725ea4c8ba\u0026CommunityKey=1ecf5f55-9545-44d6-b0f4-4e4a7f5f5e68\u0026tab=librarydocuments\u003e\r\n\u003chttps://www.fireeye.com/blog/threat-research/2017/01/new_ploutus_variant.html\u003e\r\n\u003chttp://antonioparata.blogspot.co.uk/2018/02/analyzing-nasty-net-protection-of.html\u003e\r\n\u003chttps://documents.trendmicro.com/assets/white_papers/wp-cashing-in-on-atm-malware.pdf\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.ploutus_atm\u003e\r\nAlienVault OTX \u003chttps://otx.alienvault.com/browse/pulses?q=tag:ploutus\u003e\r\nLast change to this tool card: 29 December 2022\r\nAll groups using tool Ploutus\r\nChanged Name Country Observed\r\nUnknown groups\r\n_[ Interesting malware not linked to an actor yet ]_\r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fdf897ad-2431-44a2-b3da-b9a3d55d0387",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fdf897ad-2431-44a2-b3da-b9a3d55d0387"
	],
	"report_names": [
		"listgroups.cgi?u=fdf897ad-2431-44a2-b3da-b9a3d55d0387"
	],
	"threat_actors": [],
	"ts_created_at": 1775446663,
	"ts_updated_at": 1775826704,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/11ebfed8575057bd39c721721b201246579b6e3e.pdf",
		"text": "https://archive.orkl.eu/11ebfed8575057bd39c721721b201246579b6e3e.txt",
		"img": "https://archive.orkl.eu/11ebfed8575057bd39c721721b201246579b6e3e.jpg"
	}
}