{
	"id": "ec9fe905-58d1-4b78-b390-3aeb6620a8a5",
	"created_at": "2026-04-06T03:35:50.187811Z",
	"updated_at": "2026-04-10T03:24:30.035388Z",
	"deleted_at": null,
	"sha1_hash": "7ef47450577e3d79009941e6bf283a7477131a5b",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47041,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 03:21:47 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Alice\n Tool: Alice\nNames\nAlice\nAliceATM\nPrAlice\nProject Alice\nCategory Malware\nType ATM malware\nDescription\n(Trend Micro) Trend Micro has discovered a new family of ATM malware called Alice, which\nis the most stripped down ATM malware family we have ever encountered. Unlike other ATM\nmalware families, Alice cannot be controlled via the numeric pad of ATMs; neither does it\nhave information stealing features. It is meant solely to empty the safe of ATMs. We detect this\nnew malware family as BKDR_ALICE.A.\nInformation\nMalpedia Last change to this tool card: 25 May 2020\nDownload this tool card in JSON format\nAll groups using tool Alice\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=32a8dc6e-35d9-4e06-81cc-57f5dad0153e\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=32a8dc6e-35d9-4e06-81cc-57f5dad0153e\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=32a8dc6e-35d9-4e06-81cc-57f5dad0153e\r\nPage 2 of 2\n\nUnknown groups _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=32a8dc6e-35d9-4e06-81cc-57f5dad0153e"
	],
	"report_names": [
		"listgroups.cgi?u=32a8dc6e-35d9-4e06-81cc-57f5dad0153e"
	],
	"threat_actors": [
		{
			"id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d",
			"created_at": "2022-10-25T16:07:24.139848Z",
			"updated_at": "2026-04-10T02:00:04.878798Z",
			"deleted_at": null,
			"main_name": "Safe",
			"aliases": [],
			"source_name": "ETDA:Safe",
			"tools": [
				"DebugView",
				"LZ77",
				"OpenDoc",
				"SafeDisk",
				"TypeConfig",
				"UPXShell",
				"UsbDoc",
				"UsbExe"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775446550,
	"ts_updated_at": 1775791470,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7ef47450577e3d79009941e6bf283a7477131a5b.pdf",
		"text": "https://archive.orkl.eu/7ef47450577e3d79009941e6bf283a7477131a5b.txt",
		"img": "https://archive.orkl.eu/7ef47450577e3d79009941e6bf283a7477131a5b.jpg"
	}
}