{
	"id": "2f1c9696-f21e-4c69-8221-8506db8ba263",
	"created_at": "2026-04-06T00:14:45.551278Z",
	"updated_at": "2026-04-10T13:12:50.067332Z",
	"deleted_at": null,
	"sha1_hash": "494405f094f2eaa8db3b39d8de5ab180246ad3a2",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46421,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 13:26:26 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool BrasDex\r\n Tool: BrasDex\r\nNames BrasDex\r\nCategory Malware\r\nType Banking trojan, Credential stealer\r\nDescription\r\n(ThreatFabric) This campaign involves a highly flexible novel Android malware dubbed\r\nBrasDex by ThreatFabric, featuring a complex keylogging system designed to abuse\r\nAccessibility Services to extract credentials specifically from a set of Brazilian targeted apps,\r\nas well as a highly capable Automated Transfer System (ATS) engine.\r\nWhen analyzing BrasDex, our team found the evidence of some desktop malware controlled\r\nthrough the same backend. Our analysts were able to identify the malware samples related to\r\nthe same campaign targeting Brazilian users as well: it involves Casbaneiro, a well-known\r\nmalware family known to be active in Latin America.\r\nInformation \u003chttps://www.threatfabric.com/blogs/brasdex-a-new-brazilian-ats-malware.html\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/apk.brasdex\u003e\r\nLast change to this tool card: 22 June 2023\r\nDownload this tool card in JSON format\r\nAll groups using tool BrasDex\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=84da9eff-cb85-45de-bec4-9fe78e8b3796\r\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=84da9eff-cb85-45de-bec4-9fe78e8b3796\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=84da9eff-cb85-45de-bec4-9fe78e8b3796\r\nPage 2 of 2\n\nUnknown groups _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=84da9eff-cb85-45de-bec4-9fe78e8b3796"
	],
	"report_names": [
		"listgroups.cgi?u=84da9eff-cb85-45de-bec4-9fe78e8b3796"
	],
	"threat_actors": [],
	"ts_created_at": 1775434485,
	"ts_updated_at": 1775826770,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/494405f094f2eaa8db3b39d8de5ab180246ad3a2.pdf",
		"text": "https://archive.orkl.eu/494405f094f2eaa8db3b39d8de5ab180246ad3a2.txt",
		"img": "https://archive.orkl.eu/494405f094f2eaa8db3b39d8de5ab180246ad3a2.jpg"
	}
}