{
	"id": "c2cca0a6-10fb-415f-b6e8-55017d9b6e9e",
	"created_at": "2026-04-06T00:12:20.260582Z",
	"updated_at": "2026-04-10T03:20:07.054723Z",
	"deleted_at": null,
	"sha1_hash": "8e88137db8beb4835578a752017cc5bb719e7d4a",
	"title": "Dark Tequila - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46853,
	"plain_text": "Dark Tequila - Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 14:37:49 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Dark Tequila\n Tool: Dark Tequila\nNames\nDark Tequila\nDarkTequila\nCategory Malware\nType Banking trojan, Backdoor, Info stealer, Credential stealer\nDescription\n(Kaspersky) Dark Tequila is a complex malicious campaign targeting Mexican users, with the\nprimary purpose of stealing financial information, as well as login credentials to popular\nwebsites that range from code versioning repositories to public file storage accounts and\ndomain registrars.\nA multi-stage payload is delivered to the victim only when certain conditions are met;\navoiding infection when security suites are installed or the sample is being run in an analysis\nenvironment. From the target list retrieved from the final payload, this particular campaign\ntargets customers of several Mexican banking institutions and contains some comments\nembedded in the code written in the Spanish language, using words only spoken in Latin\nAmerica.\nInformation Malpedia Last change to this tool card: 28 December 2022\nDownload this tool card in JSON format\nAll groups using tool Dark Tequila\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8364f12b-27c5-43a2-aa98-79ae79e92c8f\nPage 1 of 2\n\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8364f12b-27c5-43a2-aa98-79ae79e92c8f\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8364f12b-27c5-43a2-aa98-79ae79e92c8f\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8364f12b-27c5-43a2-aa98-79ae79e92c8f"
	],
	"report_names": [
		"listgroups.cgi?u=8364f12b-27c5-43a2-aa98-79ae79e92c8f"
	],
	"threat_actors": [],
	"ts_created_at": 1775434340,
	"ts_updated_at": 1775791207,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8e88137db8beb4835578a752017cc5bb719e7d4a.pdf",
		"text": "https://archive.orkl.eu/8e88137db8beb4835578a752017cc5bb719e7d4a.txt",
		"img": "https://archive.orkl.eu/8e88137db8beb4835578a752017cc5bb719e7d4a.jpg"
	}
}