{
	"id": "400bfd80-698b-48c3-a954-3b0ca80557a5",
	"created_at": "2026-04-06T01:30:40.769071Z",
	"updated_at": "2026-04-10T03:21:35.549565Z",
	"deleted_at": null,
	"sha1_hash": "c5416f8e426dfcacf5d30b2f9e33918b6a1f3812",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48834,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-06 00:45:40 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Tyupkin\n Tool: Tyupkin\nNames\nTyupkin\nPadpin\nCategory Malware\nType ATM malware\nDescription\n(Lastline) For today’s case study, we use a Tyupkin malware sample, a .Net application\nfor bank automated teller machines (ATM) running on the Microsoft Windows operating\nsystem. Tyupkin’s aim is to steal cash by sending a specific command to the cash\ndispenser of the compromised ATM. During the analysis, our sandbox will trick the\nmalware into believing that our analysis environment is an ATM itself. We will achieve\nthis by submitting our sample bundled with a few specific DLLs that provide\nprogrammer’s interfaces to a Windows-based ATM, Extensions for Financial Services\n(XFS).\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 25 May 2020\nDownload this tool card in JSON format\nAll groups using tool Tyupkin\nChanged Name Country Observed\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c524bf68-1845-457b-8cf3-cff7cae6714e\nPage 1 of 2\n\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c524bf68-1845-457b-8cf3-cff7cae6714e\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c524bf68-1845-457b-8cf3-cff7cae6714e\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=c524bf68-1845-457b-8cf3-cff7cae6714e"
	],
	"report_names": [
		"listgroups.cgi?u=c524bf68-1845-457b-8cf3-cff7cae6714e"
	],
	"threat_actors": [],
	"ts_created_at": 1775439040,
	"ts_updated_at": 1775791295,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c5416f8e426dfcacf5d30b2f9e33918b6a1f3812.pdf",
		"text": "https://archive.orkl.eu/c5416f8e426dfcacf5d30b2f9e33918b6a1f3812.txt",
		"img": "https://archive.orkl.eu/c5416f8e426dfcacf5d30b2f9e33918b6a1f3812.jpg"
	}
}