{
	"id": "27c74621-e03a-462b-91f3-cb059078695a",
	"created_at": "2026-04-06T00:22:07.783119Z",
	"updated_at": "2026-04-10T03:20:06.671563Z",
	"deleted_at": null,
	"sha1_hash": "9abe3c6e44539dd2f49cc62022d1a965d767a5d5",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49948,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:27:16 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool ExoBot\n Tool: ExoBot\nNames ExoBot\nCategory Malware\nType Banking trojan, Info stealer, Credential stealer, Botnet\nDescription\n(IMB) ExoBot is Android malware that was based originally on a previous code known\nas Marcher. This code represents a banking Trojan that uses the overlay technique —\nthat is, popping up fake windows that hide the original app users open — to trick\nvictims into tapping their banking credentials into a fake interface. After stealing\naccount access details, the malware can also intercept SMS messages and phone calls,\nthereby enabling criminals to take over the victim’s bank account and other financial\naccounts at their discretion.\nSome of the capabilities that enable ExoBot to facilitate fraudulent activity on infected\ndevices include gaining admin privileges, launching overlay screens, and exfiltrating\nSMS, data and other information from the infected device.\nInformation\nMITRE ATT\u0026CK Malpedia AlienVault OTX Last change to this tool card: 30 December 2022\nDownload this tool card in JSON format\nAll groups using tool ExoBot\nChanged Name Country Observed\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=becb3edc-a20e-4b0e-918d-db63051a137f\nPage 1 of 2\n\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=becb3edc-a20e-4b0e-918d-db63051a137f\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=becb3edc-a20e-4b0e-918d-db63051a137f\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=becb3edc-a20e-4b0e-918d-db63051a137f"
	],
	"report_names": [
		"listgroups.cgi?u=becb3edc-a20e-4b0e-918d-db63051a137f"
	],
	"threat_actors": [],
	"ts_created_at": 1775434927,
	"ts_updated_at": 1775791206,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9abe3c6e44539dd2f49cc62022d1a965d767a5d5.pdf",
		"text": "https://archive.orkl.eu/9abe3c6e44539dd2f49cc62022d1a965d767a5d5.txt",
		"img": "https://archive.orkl.eu/9abe3c6e44539dd2f49cc62022d1a965d767a5d5.jpg"
	}
}