{
	"id": "8a50e169-901b-48f1-89e9-6caa09ddd43d",
	"created_at": "2026-04-06T00:07:09.569276Z",
	"updated_at": "2026-04-10T13:13:05.874021Z",
	"deleted_at": null,
	"sha1_hash": "9871e958b389248bcf1078bcb7f9d30d7677e1bd",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 52083,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:40:23 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Qadars\n Tool: Qadars\nNames Qadars\nCategory Malware\nType Banking trojan, Backdoor, Credential stealer, Botnet\nDescription\n(ESET) A new banking Trojan has been making its round in the past few months. First\npublicly discussed by LEXSI, this banking Trojan has been very active, infecting users\nthroughout the world. Its modus operandi is banking fraud through web injection. While\nthis approach has been present for a long time in various banking Trojan families, it is still\neffective. Win32/Qadars uses a wide variety of webinjects, some with Android mobile\ncomponents, used to bypass online banking security and to gain access to user’s bank\naccount. Usually, banking Trojans either target a broad array of financial institutions or\nfocus on a much smaller subset, usually institutions of which the user base is\ngeographically close. Win32/Qadars fall in the second category: it pinpoints users in\nspecific regions and uses webinject configuration files tailored to the banks most\ncommonly used by the victims.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 24 May 2020\nDownload this tool card in JSON format\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=144de65c-7f10-4653-a970-eb3ea79e64e2\nPage 1 of 2\n\nAll groups using tool Qadars\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=144de65c-7f10-4653-a970-eb3ea79e64e2\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=144de65c-7f10-4653-a970-eb3ea79e64e2\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=144de65c-7f10-4653-a970-eb3ea79e64e2"
	],
	"report_names": [
		"listgroups.cgi?u=144de65c-7f10-4653-a970-eb3ea79e64e2"
	],
	"threat_actors": [],
	"ts_created_at": 1775434029,
	"ts_updated_at": 1775826785,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9871e958b389248bcf1078bcb7f9d30d7677e1bd.pdf",
		"text": "https://archive.orkl.eu/9871e958b389248bcf1078bcb7f9d30d7677e1bd.txt",
		"img": "https://archive.orkl.eu/9871e958b389248bcf1078bcb7f9d30d7677e1bd.jpg"
	}
}