{
	"id": "40dcf860-ed3c-4b4d-97a5-f0f02d058d36",
	"created_at": "2026-04-06T00:12:29.636996Z",
	"updated_at": "2026-04-10T13:12:28.681565Z",
	"deleted_at": null,
	"sha1_hash": "e61988d7317ace0b227edb5be2e29a0119561d32",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47742,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 22:33:33 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool ATMitch\n Tool: ATMitch\nNames ATMitch\nCategory Malware\nType ATM malware, Backdoor\nDescription\n(Kaspersky) The malware, which we have dubbed ATMitch, is fairly straightforward. Once\nremotely installed and executed via Remote Desktop Connection (RDP) access to the ATM\nfrom within the bank, the malware looks for the “command.txt” file that should be located in\nthe same directory as the malware and created by the attacker.\nAfter execution, ATMitch writes the results of this command to the log file and removes\n“command.txt” from the ATM’s hard drive.\nThe malware uses the standard XFS library to control the ATM. It should be noted that it\nworks on every ATM that supports the XFS library (which is the vast majority).\nInformation\nMalpedia Last change to this tool card: 25 May 2020\nDownload this tool card in JSON format\nAll groups using tool ATMitch\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2c14cee1-e5ec-4c33-bce9-7d87d9e5ced4\nPage 1 of 2\n\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2c14cee1-e5ec-4c33-bce9-7d87d9e5ced4\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2c14cee1-e5ec-4c33-bce9-7d87d9e5ced4\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2c14cee1-e5ec-4c33-bce9-7d87d9e5ced4"
	],
	"report_names": [
		"listgroups.cgi?u=2c14cee1-e5ec-4c33-bce9-7d87d9e5ced4"
	],
	"threat_actors": [],
	"ts_created_at": 1775434349,
	"ts_updated_at": 1775826748,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e61988d7317ace0b227edb5be2e29a0119561d32.pdf",
		"text": "https://archive.orkl.eu/e61988d7317ace0b227edb5be2e29a0119561d32.txt",
		"img": "https://archive.orkl.eu/e61988d7317ace0b227edb5be2e29a0119561d32.jpg"
	}
}