{
	"id": "5f459867-a0e4-4582-a792-ee11938e5b25",
	"created_at": "2026-04-06T00:10:08.653543Z",
	"updated_at": "2026-04-10T03:21:16.60394Z",
	"deleted_at": null,
	"sha1_hash": "7dd24d735c1c59a7ec8567ade5fabe38e3efe1b2",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 58027,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 23:46:55 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Grandoreiro\n Tool: Grandoreiro\nNames Grandoreiro\nCategory Malware\nType Banking trojan, Credential stealer\nDescription\n(segurancainformatica) Grandoreiro is a Latin American banking trojan targeting Brazil,\nMexico, Spain, Peru, and has now extended to Portugal.\nCybercriminals attempt to compromise computers to generate revenue by exfiltrating\ninformation from victims’ devices, typically banking-related information. During April\nand May 2020, a new Grandoreiro variant was identified. This piece of malware\nincludes improvements in the way it is operating. The threat has been disseminating via\nmalscam campaigns, as in the past, and the name of the victim is used as a part of the\nmalicious attachment name, as shown below.\nInformation https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c4ec465b-e68f-49d7-ae46-de7f308d7723\nPage 1 of 2\n\nMITRE ATT\u0026CK Malpedia AlienVault OTX Last change to this tool card: 21 April 2025\nDownload this tool card in JSON format\nAll groups using tool Grandoreiro\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c4ec465b-e68f-49d7-ae46-de7f308d7723\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c4ec465b-e68f-49d7-ae46-de7f308d7723\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c4ec465b-e68f-49d7-ae46-de7f308d7723"
	],
	"report_names": [
		"listgroups.cgi?u=c4ec465b-e68f-49d7-ae46-de7f308d7723"
	],
	"threat_actors": [],
	"ts_created_at": 1775434208,
	"ts_updated_at": 1775791276,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7dd24d735c1c59a7ec8567ade5fabe38e3efe1b2.pdf",
		"text": "https://archive.orkl.eu/7dd24d735c1c59a7ec8567ade5fabe38e3efe1b2.txt",
		"img": "https://archive.orkl.eu/7dd24d735c1c59a7ec8567ade5fabe38e3efe1b2.jpg"
	}
}