{
	"id": "9c7583e5-cd81-4038-b2d9-1928eaa4c65c",
	"created_at": "2026-04-06T00:19:30.441281Z",
	"updated_at": "2026-04-10T13:11:20.426348Z",
	"deleted_at": null,
	"sha1_hash": "9a9d7e3e862e3d2cfa9a0f6a9580448a43250e85",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47333,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 21:42:03 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Matrix Banker\r\n Tool: Matrix Banker\r\nNames\r\nMatrix Banker\r\nRediModiUpd\r\nCategory Malware\r\nType Banking trojan, Credential stealer\r\nDescription\r\n(Arbor) This post takes a look at a new banking malware that has, so far, been targeting\r\nfinancial institutions in Latin America—specifically, Mexico and Peru. Initially, we’ve called it\r\n“Matrix Banker” based on its command and control (C2) login panel, but it seems that “Matrix\r\nAdmin” is a template available for the Bootstrap web framework. Proofpoint calls it\r\n“Win32/RediModiUpd” based on a debugging string from an earlier sample.\r\nThe malware is under active development, but as with some of the other banking trojans we’ve\r\nanalyzed, it’s difficult to assess how far and wide this threat will go while it’s still so new.\r\nInformation \u003chttps://www.netscout.com/blog/asert/another-banker-enters-matrix\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.matrix_banker\u003e\r\nLast change to this tool card: 22 May 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool Matrix Banker\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5990b482-f24a-4c94-988a-93153a27cbc1\r\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5990b482-f24a-4c94-988a-93153a27cbc1\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5990b482-f24a-4c94-988a-93153a27cbc1\r\nPage 2 of 2\n\nUnknown groups _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=5990b482-f24a-4c94-988a-93153a27cbc1"
	],
	"report_names": [
		"listgroups.cgi?u=5990b482-f24a-4c94-988a-93153a27cbc1"
	],
	"threat_actors": [],
	"ts_created_at": 1775434770,
	"ts_updated_at": 1775826680,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9a9d7e3e862e3d2cfa9a0f6a9580448a43250e85.pdf",
		"text": "https://archive.orkl.eu/9a9d7e3e862e3d2cfa9a0f6a9580448a43250e85.txt",
		"img": "https://archive.orkl.eu/9a9d7e3e862e3d2cfa9a0f6a9580448a43250e85.jpg"
	}
}