{
	"id": "ea5c89b7-9391-4730-b402-5147ef923cef",
	"created_at": "2026-04-06T00:22:38.779696Z",
	"updated_at": "2026-04-10T03:22:13.172391Z",
	"deleted_at": null,
	"sha1_hash": "ca363403a2035b107569696cb61f28d2f8bb5570",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48665,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-02 11:24:18 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Janeleiro\n Tool: Janeleiro\nNames Janeleiro\nCategory Malware\nType Banking trojan, Backdoor, Keylogger, Info stealer, Credential stealer\nDescription\n(ESET) This new threat, which we’ve named Janeleiro, attempts to deceive its victims with\npop-up windows designed to look like the websites of some of the biggest banks in Brazil.\nThese pop-ups contain fake forms, aiming to trick the malware’s victims into entering their\nbanking credentials and personal information that the malware captures and exfiltrates to its\nC\u0026C servers. Janeleiro follows exactly the same blueprint for the core implementation of this\ntechnique as some of the most prominent malware families targeting the region: Mekotio,\nGrandoreiro, Mekotio, Amavaldo, and Vadokrist, among others.\nInformation\nMalpedia Last change to this tool card: 28 December 2021\nDownload this tool card in JSON format\nAll groups using tool Janeleiro\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=126aa526-7e9f-411a-a810-aa1e93d659a2\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=126aa526-7e9f-411a-a810-aa1e93d659a2\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=126aa526-7e9f-411a-a810-aa1e93d659a2"
	],
	"report_names": [
		"listgroups.cgi?u=126aa526-7e9f-411a-a810-aa1e93d659a2"
	],
	"threat_actors": [],
	"ts_created_at": 1775434958,
	"ts_updated_at": 1775791333,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ca363403a2035b107569696cb61f28d2f8bb5570.pdf",
		"text": "https://archive.orkl.eu/ca363403a2035b107569696cb61f28d2f8bb5570.txt",
		"img": "https://archive.orkl.eu/ca363403a2035b107569696cb61f28d2f8bb5570.jpg"
	}
}