{
	"id": "e0eb9907-37be-4ca9-8de8-3ac1cde3b566",
	"created_at": "2026-04-06T00:20:51.774679Z",
	"updated_at": "2026-04-10T03:20:51.211763Z",
	"deleted_at": null,
	"sha1_hash": "c68d23b0924e48205dab88451b0c88ee11136de3",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 50511,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 18:14:38 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool KRBanker\n Tool: KRBanker\nNames\nKRBanker\nBlackmoon\nCategory Malware\nType Banking trojan\nDescription\n(Proofpoint) First analyzed in early 2014, the Blackmoon banking Trojan targets a user’s\nonline banking credentials using a type of pharming that involves modifying or replacing\nthe local Hosts file with one that redirects online banking domain lookups to an IP address\ncontrolled by the attacker. Blackmoon has been observed targeting primarily customers of\nSouth Korean online banking sites and services, and is usually distributed via drive-by\ndownload.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 24 May 2020\nDownload this tool card in JSON format\nAll groups using tool KRBanker\nChanged Name Country Observed\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fc359147-48b8-4b01-b018-bc3a0b7f4727\nPage 1 of 2\n\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fc359147-48b8-4b01-b018-bc3a0b7f4727\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fc359147-48b8-4b01-b018-bc3a0b7f4727\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fc359147-48b8-4b01-b018-bc3a0b7f4727"
	],
	"report_names": [
		"listgroups.cgi?u=fc359147-48b8-4b01-b018-bc3a0b7f4727"
	],
	"threat_actors": [],
	"ts_created_at": 1775434851,
	"ts_updated_at": 1775791251,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/c68d23b0924e48205dab88451b0c88ee11136de3.pdf",
		"text": "https://archive.orkl.eu/c68d23b0924e48205dab88451b0c88ee11136de3.txt",
		"img": "https://archive.orkl.eu/c68d23b0924e48205dab88451b0c88ee11136de3.jpg"
	}
}