{
	"id": "3b2d0088-0896-45d8-a872-fefae41059f4",
	"created_at": "2026-04-06T00:11:00.320341Z",
	"updated_at": "2026-04-10T03:22:13.940323Z",
	"deleted_at": null,
	"sha1_hash": "5890220e47a48bc730beabeda49f4971ed181596",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 58180,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 23:50:16 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Anubis\n Tool: Anubis\nNames\nAnubis\nBankBot\nGo_P00t\nandroid.bankbot\nandroid.bankspy\nCategory Malware\nType Banking trojan, Backdoor, Keylogger, Info stealer, Credential stealer\nDescription\n(Trend Micro) The Anubis malware masquerades as a benign app, prompts the user to\ngrant it accessibility rights, and also tries to steal account information. Banking trojans\nusually launch a fake overlay screen when the user accesses a target app and try to\nsteal information when the user inputs account credentials into the overlay. However,\nAnubis’ process is a little different. It has a built-in keylogger that can simply steal a\nuser’s account credentials by logging the keystrokes. The malware can also take a\nscreenshot of the infected user’s screen, which is another way to get the victim’s\ncredentials.\nInformation https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0a30f599-8c6c-4721-a736-4b21c8def62b\nPage 1 of 2\n\nreverse-engineering/2018/08/30/Unpacking-Anubis-APK.html\u003e\nMITRE ATT\u0026CK Malpedia AlienVault OTX Last change to this tool card: 30 December 2022\nDownload this tool card in JSON format\nAll groups using tool Anubis\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0a30f599-8c6c-4721-a736-4b21c8def62b\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0a30f599-8c6c-4721-a736-4b21c8def62b\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0a30f599-8c6c-4721-a736-4b21c8def62b"
	],
	"report_names": [
		"listgroups.cgi?u=0a30f599-8c6c-4721-a736-4b21c8def62b"
	],
	"threat_actors": [],
	"ts_created_at": 1775434260,
	"ts_updated_at": 1775791333,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5890220e47a48bc730beabeda49f4971ed181596.pdf",
		"text": "https://archive.orkl.eu/5890220e47a48bc730beabeda49f4971ed181596.txt",
		"img": "https://archive.orkl.eu/5890220e47a48bc730beabeda49f4971ed181596.jpg"
	}
}