{
	"id": "ae76190c-44fc-4e6e-9527-5331c000f128",
	"created_at": "2026-04-06T00:09:06.356793Z",
	"updated_at": "2026-04-10T03:21:35.313055Z",
	"deleted_at": null,
	"sha1_hash": "46dfaea6705f948af41e3adf7f5f6f192f268382",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46348,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 15:29:09 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Baka\r\n Tool: Baka\r\nNames Baka\r\nCategory Malware\r\nType Banking trojan, Info stealer, Exfiltration\r\nDescription\r\n(Visa) In February 2020, Visa Payment Fraud Disruption (PFD), using the eCommerce Threat\r\nDisruption (eTD) capability, identified a previously unknown ecommerce skimmer, and named\r\nthe skimmer ‘Baka’. PFD made the discovery while analyzing a command and control (C2)\r\nserver that was previously observed hosting the ImageID skimmer variant. PFD’s investigation\r\nrevealed seven C2 servers hosting the Baka skimming kit. While the skimmer itself is basicand\r\ncontains the expected features offered by many ecommerce skimming kits (e.g. data\r\nexfiltration using image requests and configurable target form fields), the Bakaskimming kit’s\r\nadvanced design indicates it was created by a skilled developer.\r\nInformation\r\n\u003chttps://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf\u003e\r\nLast change to this tool card: 17 September 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool Baka\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ec9c9bc1-624c-407a-891f-cf4181410906\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ec9c9bc1-624c-407a-891f-cf4181410906\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ec9c9bc1-624c-407a-891f-cf4181410906"
	],
	"report_names": [
		"listgroups.cgi?u=ec9c9bc1-624c-407a-891f-cf4181410906"
	],
	"threat_actors": [],
	"ts_created_at": 1775434146,
	"ts_updated_at": 1775791295,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/46dfaea6705f948af41e3adf7f5f6f192f268382.pdf",
		"text": "https://archive.orkl.eu/46dfaea6705f948af41e3adf7f5f6f192f268382.txt",
		"img": "https://archive.orkl.eu/46dfaea6705f948af41e3adf7f5f6f192f268382.jpg"
	}
}