{
	"id": "ce52b044-02ad-4866-85af-8c7f144a0b76",
	"created_at": "2026-04-06T00:13:56.260879Z",
	"updated_at": "2026-04-10T03:20:41.845394Z",
	"deleted_at": null,
	"sha1_hash": "b6c411c19f83e4cfd80b93910144be89b2fb1691",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45016,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:08:52 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool TsarBot\n Tool: TsarBot\nNames TsarBot\nCategory Malware\nType Banking trojan, Backdoor, Credential stealer\nDescription\n(Cuble) Cyble Research and Intelligence Labs (CRIL) discovered a new Android banking\ntrojan that uses an overlay attack to target over 750 applications, including banking, finance,\ncryptocurrency, payment, social media, and e-commerce applications, across multiple regions.\nWhile the malware mainly utilizes overlay attacks to steal credentials, it also carries out\nvarious other malicious actions. It is capable of recording and remotely controlling the screen,\nenabling attackers to monitor and manipulate the device. Additionally, it employs lock-grabbing techniques, keylogging, and intercepting SMS messages.\nInformation Last change to this tool card: 21 April 2025\nDownload this tool card in JSON format\nAll groups using tool TsarBot\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ecff7a23-a928-40dc-8d8f-8790c55b3be0\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ecff7a23-a928-40dc-8d8f-8790c55b3be0\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=ecff7a23-a928-40dc-8d8f-8790c55b3be0"
	],
	"report_names": [
		"listgroups.cgi?u=ecff7a23-a928-40dc-8d8f-8790c55b3be0"
	],
	"threat_actors": [],
	"ts_created_at": 1775434436,
	"ts_updated_at": 1775791241,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b6c411c19f83e4cfd80b93910144be89b2fb1691.pdf",
		"text": "https://archive.orkl.eu/b6c411c19f83e4cfd80b93910144be89b2fb1691.txt",
		"img": "https://archive.orkl.eu/b6c411c19f83e4cfd80b93910144be89b2fb1691.jpg"
	}
}