{
	"id": "1c3ec762-b7f3-4c23-a719-42c72451497b",
	"created_at": "2026-04-06T00:06:25.692221Z",
	"updated_at": "2026-04-10T03:33:22.477566Z",
	"deleted_at": null,
	"sha1_hash": "da4b47d7c5337f2078757a92fc49301b564d83e8",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 53138,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 20:36:57 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Tinba\n Tool: Tinba\nNames\nTinba\nTiny Banker\nTinyBanker\nTina\nIlli\nZusy\nCategory Malware\nType Banking trojan, Credential stealer\nDescription\n(Trend Micro) Tinba is a small data stealing Trojan-banker. It hooks into browsers and\nsteals login data, as well as sniffs network traffic. As with several other sophisticated\nbanker-Trojans, it also uses Man in the Browser (MiTB) tricks and Web injects to change\nthe look and feel of certain Web pages. Its purpose is to circumvent Two Factor\nAuthentication (2FA) or to trick the infected user into providing additional sensitive data\nsuch as credit card data.\nTinba is the smallest Trojan-banker CSIS has encountered to date, and it belongs to a new\nfamily of malware. The code is approximately 20 KB in size (including configuration and\nWeb injects) and is simple without any packing or advanced encryption. Analyzed\nsamples show that the antivirus detection is low.\nInformation\nMalpedia AlienVault OTX\nLast change to this tool card: 28 December 2022\nDownload this tool card in JSON format\nAll groups using tool Tinba\nChanged Name Country Observed\nOther groups\n Retefe Gang, Operation Emmental 2013\n1 group listed (0 APT, 1 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b3b23d2b-3498-486f-a47f-e24ce93ed5fd\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b3b23d2b-3498-486f-a47f-e24ce93ed5fd\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=b3b23d2b-3498-486f-a47f-e24ce93ed5fd"
	],
	"report_names": [
		"listgroups.cgi?u=b3b23d2b-3498-486f-a47f-e24ce93ed5fd"
	],
	"threat_actors": [
		{
			"id": "c6722d56-e5e7-4c5c-a5be-b7e01d4281b0",
			"created_at": "2022-10-25T16:07:24.542981Z",
			"updated_at": "2026-04-10T02:00:05.028606Z",
			"deleted_at": null,
			"main_name": "Retefe Gang",
			"aliases": [
				"Operation Emmental",
				"Retefe Gang"
			],
			"source_name": "ETDA:Retefe Gang",
			"tools": [
				"Dok",
				"Illi",
				"Retefe",
				"Retefe (Android)",
				"Tina",
				"Tinba",
				"Tiny Banker",
				"TinyBanker",
				"Tsukuba",
				"Werdlod",
				"Zusy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "a8fba3fa-62bf-4fdb-92bb-29aa6375b92d",
			"created_at": "2024-02-08T02:00:04.329621Z",
			"updated_at": "2026-04-10T02:00:03.585503Z",
			"deleted_at": null,
			"main_name": "Operation Emmental",
			"aliases": [
				"Retefe Gang",
				"Retefe Group"
			],
			"source_name": "MISPGALAXY:Operation Emmental",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775433985,
	"ts_updated_at": 1775792002,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/da4b47d7c5337f2078757a92fc49301b564d83e8.pdf",
		"text": "https://archive.orkl.eu/da4b47d7c5337f2078757a92fc49301b564d83e8.txt",
		"img": "https://archive.orkl.eu/da4b47d7c5337f2078757a92fc49301b564d83e8.jpg"
	}
}