{
	"id": "f4c17ebd-572b-4c91-ae61-b90ae52642d6",
	"created_at": "2026-04-06T00:22:06.792148Z",
	"updated_at": "2026-04-10T03:20:47.362802Z",
	"deleted_at": null,
	"sha1_hash": "4ac78f9bc057307ea4141d2e9ce6f6a740fe8ae3",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48949,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:57:34 UTC\nTool: CamuBot\nNames CamuBot\nCategory Malware\nType Banking trojan, Credential stealer\nDescription\n(IBM) Unlike other malware operated in Brazil, CamuBot is a defined new code. Very\ndifferent from typical banking Trojans, CamuBot does not hide its deployment. On the\ncontrary, it is very visible, using bank logos and overall brand imaging to appear like a\nsecurity application. It thus gains victims’ trust and leads them to install it without\nrealizing they are running an installation wizard for a Trojan horse.\nCamuBot is more sophisticated than the remote-overlay type malware commonly used in\nfraud schemes targeting users in Brazil. Instead of simplistic fake screens and a remote\naccess tool, CamuBot tactics resemble those used by Eastern European-made malware\nsuch as TrickBot, Dridex and QakBot, each of which focuses on business banking and\nblends social engineering with malware-assisted account and device takeover.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 24 May 2020\nAll groups using tool CamuBot\nChanged Name Country Observed\nUnknown groups\n_[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=422aed98-ce3d-43cd-b756-d7b0e00731a8",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=422aed98-ce3d-43cd-b756-d7b0e00731a8"
	],
	"report_names": [
		"listgroups.cgi?u=422aed98-ce3d-43cd-b756-d7b0e00731a8"
	],
	"threat_actors": [],
	"ts_created_at": 1775434926,
	"ts_updated_at": 1775791247,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4ac78f9bc057307ea4141d2e9ce6f6a740fe8ae3.pdf",
		"text": "https://archive.orkl.eu/4ac78f9bc057307ea4141d2e9ce6f6a740fe8ae3.txt",
		"img": "https://archive.orkl.eu/4ac78f9bc057307ea4141d2e9ce6f6a740fe8ae3.jpg"
	}
}