{
	"id": "f44655be-3a45-4c4e-8fb4-10cd571a317c",
	"created_at": "2026-04-06T00:21:44.568472Z",
	"updated_at": "2026-04-10T03:30:33.883242Z",
	"deleted_at": null,
	"sha1_hash": "e1d088d16958d63a3893b1e26b6476c0b22334c7",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49356,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 14:34:07 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool GlanceLove\n Tool: GlanceLove\nNames\nGlanceLove\nWinkChat\nCategory Malware\nType Backdoor, Info stealer, Exfiltration\nDescription\n(Check Point) About 100 people fell victim to the attack that came in the form of fake World Cup and online dating apps that had been uploaded to the Google Play Store, the official app store of Google.\nOnce the apps were installed onto the victims’ phones, the highly invasive malware was then able to carry out a number of malicious activities:\n• Record the user’s phone calls.\n• Take a picture when the user receives a call.\n• Steal the user’s contacts.\n• Steal the user’s SMS messages.\n• Steal all images and videos stored on the mobile device and information on where they were taken.\n• Capture the user’s GPS location.\n• Take random recordings of the user’s surroundings.\n• Steal files and photos from the mobile device’s storage.\nInformation\nMalpedia\nLast change to this tool card: 13 May 2020\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bac795fd-7799-42f2-920c-eb6d4d4c12e9\nPage 1 of 2\n\nDownload this tool card in JSON format\r\nAll groups using tool GlanceLove\r\nChanged Name Country Observed\r\nAPT groups\r\n  Desert Falcons [Gaza] 2011-Oct 2023\r\n1 group listed (1 APT, 0 other, 0 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bac795fd-7799-42f2-920c-eb6d4d4c12e9\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bac795fd-7799-42f2-920c-eb6d4d4c12e9\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=bac795fd-7799-42f2-920c-eb6d4d4c12e9"
	],
	"report_names": [
		"listgroups.cgi?u=bac795fd-7799-42f2-920c-eb6d4d4c12e9"
	],
	"threat_actors": [
		{
			"id": "9ff60d4d-153b-4ed5-a2f7-18a21d2fa05d",
			"created_at": "2022-10-25T16:07:23.539852Z",
			"updated_at": "2026-04-10T02:00:04.647734Z",
			"deleted_at": null,
			"main_name": "Desert Falcons",
			"aliases": [
				"APT-C-23",
				"ATK 66",
				"Arid Viper",
				"Niobium",
				"Operation Arid Viper",
				"Operation Bearded Barbie",
				"Operation Rebound",
				"Pinstripe Lightning",
				"Renegade Jackal",
				"TAG-63",
				"TAG-CT1",
				"Two-tailed Scorpion"
			],
			"source_name": "ETDA:Desert Falcons",
			"tools": [
				"AridSpy",
				"Barb(ie) Downloader",
				"BarbWire",
				"Desert Scorpion",
				"FrozenCell",
				"GlanceLove",
				"GnatSpy",
				"KasperAgent",
				"Micropsia",
				"PyMICROPSIA",
				"SpyC23",
				"Viper RAT",
				"ViperRAT",
				"VolatileVenom",
				"WinkChat",
				"android.micropsia"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434904,
	"ts_updated_at": 1775791833,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e1d088d16958d63a3893b1e26b6476c0b22334c7.pdf",
		"text": "https://archive.orkl.eu/e1d088d16958d63a3893b1e26b6476c0b22334c7.txt",
		"img": "https://archive.orkl.eu/e1d088d16958d63a3893b1e26b6476c0b22334c7.jpg"
	}
}