{
	"id": "c7547669-bcdd-4165-8928-e6c8042d8cdf",
	"created_at": "2026-04-06T00:22:27.753251Z",
	"updated_at": "2026-04-10T03:20:55.234851Z",
	"deleted_at": null,
	"sha1_hash": "745df73b64196daa5a198f92c94506925e3f0f69",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 44218,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 16:41:56 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Brokewell\r\n Tool: Brokewell\r\nNames Brokewell\r\nCategory Malware\r\nType Banking trojan\r\nDescription\r\n(ThreatFabric) Our Threat Intelligence shows that device takeover capabilities remain crucial\r\nfor any modern banking malware family, and new players entering the landscape are no\r\nexception. In most cases, remote access capabilities are built in from the start of the\r\ndevelopment cycle. Thus, it comes as no surprise that ThreatFabric analysts recently\r\ndiscovered a new mobile malware family, 'Brokewell,' with an extensive set of Device\r\nTakeover capabilities.\r\nInformation \u003chttps://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware\u003e\r\nLast change to this tool card: 18 June 2024\r\nDownload this tool card in JSON format\r\nAll groups using tool Brokewell\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=91b43807-7beb-471e-a899-a8d262f9cfef\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=91b43807-7beb-471e-a899-a8d262f9cfef\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=91b43807-7beb-471e-a899-a8d262f9cfef"
	],
	"report_names": [
		"listgroups.cgi?u=91b43807-7beb-471e-a899-a8d262f9cfef"
	],
	"threat_actors": [],
	"ts_created_at": 1775434947,
	"ts_updated_at": 1775791255,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/745df73b64196daa5a198f92c94506925e3f0f69.pdf",
		"text": "https://archive.orkl.eu/745df73b64196daa5a198f92c94506925e3f0f69.txt",
		"img": "https://archive.orkl.eu/745df73b64196daa5a198f92c94506925e3f0f69.jpg"
	}
}