{
	"id": "4a6a7031-3296-46f4-9c70-0d312ddc61b8",
	"created_at": "2026-04-06T00:18:38.939075Z",
	"updated_at": "2026-04-10T13:12:36.427367Z",
	"deleted_at": null,
	"sha1_hash": "2837d9cd59e1a9a47e62aee8140f208093c17827",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47141,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 23:33:53 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool ToxicPanda\r\n Tool: ToxicPanda\r\nNames ToxicPanda\r\nCategory Malware\r\nType Banking trojan, Backdoor\r\nDescription\r\n(Cleafy) ToxicPanda belongs to the modern RAT generation of mobile malware, as its Remote\r\nAccess capabilities allow Threat Actors (TAs) to conduct Account Takeover (ATO) directly\r\nfrom the infected device, thus exploiting the On Device Fraud (ODF) technique. The\r\nconsolidation of this technique has already been seen in other banking trojans, such as\r\nMedusa, Copybara, and, recently, BingoMod. Adopting a manual approach has several\r\nadvantages: it requires less-skilled developers, TAs can distribute the malware's target base to\r\nany banking customers, and bypass various behavioral detection countermeasures put in place\r\nby multiple banks and financial services.\r\nInformation\r\n\u003chttps://www.cleafy.com/cleafy-labs/toxicpanda-a-new-banking-trojan-from-asia-hit-europe-and-latam\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/apk.toxic_panda\u003e\r\nLast change to this tool card: 27 December 2024\r\nDownload this tool card in JSON format\r\nAll groups using tool ToxicPanda\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=967382b3-4f2a-40d5-b0de-3542861b554b\r\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=967382b3-4f2a-40d5-b0de-3542861b554b\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=967382b3-4f2a-40d5-b0de-3542861b554b\r\nPage 2 of 2\n\nUnknown groups _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=967382b3-4f2a-40d5-b0de-3542861b554b"
	],
	"report_names": [
		"listgroups.cgi?u=967382b3-4f2a-40d5-b0de-3542861b554b"
	],
	"threat_actors": [],
	"ts_created_at": 1775434718,
	"ts_updated_at": 1775826756,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2837d9cd59e1a9a47e62aee8140f208093c17827.pdf",
		"text": "https://archive.orkl.eu/2837d9cd59e1a9a47e62aee8140f208093c17827.txt",
		"img": "https://archive.orkl.eu/2837d9cd59e1a9a47e62aee8140f208093c17827.jpg"
	}
}