{
	"id": "2ba6499c-a6c1-4a01-97b5-080d77e33640",
	"created_at": "2026-04-06T00:14:51.298447Z",
	"updated_at": "2026-04-10T03:31:32.02188Z",
	"deleted_at": null,
	"sha1_hash": "9f0484af3645228d069ed039c1ddf764c14bf1a9",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 41728,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 23:51:27 UTC\nHome \u003e List all groups \u003e Operation Bandidos\n APT group: Operation Bandidos\nNames Operation Bandidos (ESET)\nCountry [Unknown]\nMotivation Information theft and espionage\nFirst seen 2021\nDescription\n(ESET) In 2021 we detected an ongoing campaign targeting corporate networks in Spanish-speaking countries, with 90% of the detections in Venezuela. When comparing the malware\nused in this campaign with what was previously documented, we found new functionality and\nchanges to this malware, known as Bandook. We also found that this campaign targeting\nVenezuela, despite being active since at least 2015, has somehow remained undocumented.\nGiven the malware used and the targeted locale, we chose to name this campaign Bandidos.\nObserved Countries: Venezuela.\nTools used Bandook.\nInformation\nLast change to this card: 09 August 2021\nDownload this actor card in PDF or JSON format\nSource: https://apt.etda.or.th/cgi-bin/showcard.cgi?u=bfea8c04-ab0d-41ac-a997-f5d9cdb740bc\nhttps://apt.etda.or.th/cgi-bin/showcard.cgi?u=bfea8c04-ab0d-41ac-a997-f5d9cdb740bc\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/showcard.cgi?u=bfea8c04-ab0d-41ac-a997-f5d9cdb740bc"
	],
	"report_names": [
		"showcard.cgi?u=bfea8c04-ab0d-41ac-a997-f5d9cdb740bc"
	],
	"threat_actors": [
		{
			"id": "4ea20013-ce3f-4f94-b41d-1be5d44cc9ec",
			"created_at": "2022-10-25T16:07:23.931522Z",
			"updated_at": "2026-04-10T02:00:04.794118Z",
			"deleted_at": null,
			"main_name": "Operation Bandidos",
			"aliases": [],
			"source_name": "ETDA:Operation Bandidos",
			"tools": [
				"Bandok",
				"Bandook"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434491,
	"ts_updated_at": 1775791892,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9f0484af3645228d069ed039c1ddf764c14bf1a9.pdf",
		"text": "https://archive.orkl.eu/9f0484af3645228d069ed039c1ddf764c14bf1a9.txt",
		"img": "https://archive.orkl.eu/9f0484af3645228d069ed039c1ddf764c14bf1a9.jpg"
	}
}