{ "id": "256a3a7f-b6b6-43a0-a679-869d4376447b", "created_at": "2026-04-06T00:21:37.47142Z", "updated_at": "2026-04-10T03:34:18.919996Z", "deleted_at": null, "sha1_hash": "5eb9e6f7ee430c043486f1ed6f5f3535d72fbd52", "title": "Lucky Cat - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 50509, "plain_text": "Lucky Cat - Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 15:38:49 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Lucky Cat\r\n Tool: Lucky Cat\r\nNames\r\nLucky Cat\r\nLuckyCat\r\nCategory Malware\r\nType Backdoor, Info stealer, Exfiltration\r\nDescription\r\n(Dark Reading) Trend Micro researchers found two Android apps in the early phase of\r\ndevelopment that can communicate with Luckycat's command-and-control (C\u0026C) server. The\r\nmalware is currently capable of gathering information on the mobile device and uploading and\r\ndownloading files as directed by the C\u0026C server. Some of the features, including remote shell,\r\nare still under construction, and it's unclear just how the attackers plan to infect victims with\r\nthe mobile malware, according to Trend Micro.\r\nInformation\r\n\u003chttps://www.darkreading.com/attacks-breaches/luckycat-apt-campaign-building-android-malware/d/d-id/1138130\u003e\r\n\u003chttps://blog.talosintelligence.com/2019/02/exilerat-shares-c2-with-luckycat.html\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/apk.luckycat\u003e\r\nLast change to this tool card: 28 December 2022\r\nDownload this tool card in JSON format\r\nAll groups using tool Lucky Cat\r\nChanged Name Country Observed\r\nAPT groups\r\n  Lucky Cat 2011  \r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c4282d04-3f95-470a-a8b8-460ff21abba8\r\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c4282d04-3f95-470a-a8b8-460ff21abba8\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c4282d04-3f95-470a-a8b8-460ff21abba8\r\nPage 2 of 2\n\nAPT groups Lucky Cat 2011 \n1 group listed (1 APT, 0 other, 0 unknown) \n Page 1 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c4282d04-3f95-470a-a8b8-460ff21abba8" ], "report_names": [ "listgroups.cgi?u=c4282d04-3f95-470a-a8b8-460ff21abba8" ], "threat_actors": [ { "id": "9792e41f-4165-474b-99fa-e74ec332bd87", "created_at": "2023-01-06T13:46:38.986789Z", "updated_at": "2026-04-10T02:00:03.172308Z", "deleted_at": null, "main_name": "Lucky Cat", "aliases": [ "TA413", "White Dev 9" ], "source_name": "MISPGALAXY:Lucky Cat", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "1a651080-cb2f-49bb-87cb-b9c6f6f99ce9", "created_at": "2022-10-25T16:07:23.809467Z", "updated_at": "2026-04-10T02:00:04.756067Z", "deleted_at": null, "main_name": "Lucky Cat", "aliases": [], "source_name": "ETDA:Lucky Cat", "tools": [ "Comfoo", "Comfoo RAT", "Lucky Cat", "LuckyCat", "Sojax", "Syndicasec", "WMI Ghost", "Wimmie" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434897, "ts_updated_at": 1775792058, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/5eb9e6f7ee430c043486f1ed6f5f3535d72fbd52.pdf", "text": "https://archive.orkl.eu/5eb9e6f7ee430c043486f1ed6f5f3535d72fbd52.txt", "img": "https://archive.orkl.eu/5eb9e6f7ee430c043486f1ed6f5f3535d72fbd52.jpg" } }