{
	"id": "5de955cc-c9d7-44e3-937f-f458d09d8124",
	"created_at": "2026-04-06T00:09:35.352203Z",
	"updated_at": "2026-04-10T13:11:28.954733Z",
	"deleted_at": null,
	"sha1_hash": "51da9774820fb5d6b4366253ae33af3bfca4b1c8",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 51056,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:24:37 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Dendroid\n Tool: Dendroid\nNames Dendroid\nCategory Malware\nType Backdoor, Info stealer, Exfiltration\nDescription\n(Lookout) This week, researchers found Dendroid, a custom “Remote Access Toolkit”\n(RAT) for Android targeting customers from Western countries, and yes, it breached\nGoogle Play. A RAT is a type of malware that is used to remotely control the devices it\nis installed on. The toolkit is being sold for $300 to anyone who wants to automate the\nmalware distribution process. The creator promises that the malware can take pictures\nusing the phone's camera, record audio and video, download existing pictures, record\ncalls, send texts, and more.\nInformation\nMITRE ATT\u0026CK Malpedia Last change to this tool card: 30 December 2022\nDownload this tool card in JSON format\nAll groups using tool Dendroid\nChanged Name Country Observed\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2b8a23ea-0cf2-40bf-8090-148a77def49f\nPage 1 of 2\n\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2b8a23ea-0cf2-40bf-8090-148a77def49f\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2b8a23ea-0cf2-40bf-8090-148a77def49f\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2b8a23ea-0cf2-40bf-8090-148a77def49f"
	],
	"report_names": [
		"listgroups.cgi?u=2b8a23ea-0cf2-40bf-8090-148a77def49f"
	],
	"threat_actors": [
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434175,
	"ts_updated_at": 1775826688,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/51da9774820fb5d6b4366253ae33af3bfca4b1c8.pdf",
		"text": "https://archive.orkl.eu/51da9774820fb5d6b4366253ae33af3bfca4b1c8.txt",
		"img": "https://archive.orkl.eu/51da9774820fb5d6b4366253ae33af3bfca4b1c8.jpg"
	}
}