{
	"id": "85e0e7db-e0e4-46a2-979a-420d4b7cf02e",
	"created_at": "2026-04-06T00:19:17.591476Z",
	"updated_at": "2026-04-10T03:20:56.246095Z",
	"deleted_at": null,
	"sha1_hash": "79ab8d3ee9e85d26226ee5c0465a62ebe69d2b7a",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46715,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:22:56 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool PixPirate\n Tool: PixPirate\nNames PixPirate\nCategory Malware\nType Banking trojan, Credential stealer\nDescription\n(Cleafy) PixPirate belongs to the newest generation of Android banking trojan, as it can\nperform ATS (Automatic Transfer System), enabling attackers to automate the insertion of a\nmalicious money transfer over the Instant Payment platform Pix, adopted by multiple Brazilian\nbanks.\nPixPirate appears to have the following features, primarily achieved by abusing Accessibility\nServices, such as:\n- Ability to intercept valid banking credentials and perform ATS attacks on multiple Brazilian\nbanks via Pix payments\n- Ability to intercept/delete SMS messages\n- Preventing uninstall\n- Malvertising\nInformation\nMalpedia Last change to this tool card: 14 March 2024\nDownload this tool card in JSON format\nAll groups using tool PixPirate\nChanged Name Country Observed\nUnknown groups\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a018b937-90ca-4998-be1a-3084ddac445e\nPage 1 of 2\n\n_[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a018b937-90ca-4998-be1a-3084ddac445e\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a018b937-90ca-4998-be1a-3084ddac445e\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a018b937-90ca-4998-be1a-3084ddac445e"
	],
	"report_names": [
		"listgroups.cgi?u=a018b937-90ca-4998-be1a-3084ddac445e"
	],
	"threat_actors": [],
	"ts_created_at": 1775434757,
	"ts_updated_at": 1775791256,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/79ab8d3ee9e85d26226ee5c0465a62ebe69d2b7a.pdf",
		"text": "https://archive.orkl.eu/79ab8d3ee9e85d26226ee5c0465a62ebe69d2b7a.txt",
		"img": "https://archive.orkl.eu/79ab8d3ee9e85d26226ee5c0465a62ebe69d2b7a.jpg"
	}
}