{ "id": "bcf70ca7-5c05-42c3-97d8-55670281398a", "created_at": "2026-04-06T00:09:59.891718Z", "updated_at": "2026-04-10T03:34:24.165746Z", "deleted_at": null, "sha1_hash": "010ce0c509999a9dededf980063bc4ce06fa0242", "title": "Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 48033, "plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 18:28:05 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool PunchBuggy\n Tool: PunchBuggy\nNames\nPunchBuggy\nShellTea\nPowersniff\nCategory Malware\nType POS malware, Backdoor\nDescription\nPUNCHBUGGY is a backdoor malware used by FIN8 that has been observed targeting\nPOS networks in the hospitality industry.\nInformation\nMITRE ATT\u0026CK Malpedia AlienVault OTX Last change to this tool card: 23 May 2020\nDownload this tool card in JSON format\nAll groups using tool PunchBuggy\nChanged Name Country Observed\nAPT groups\n FIN8 [Unknown] 2016-Dec 2022\n1 group listed (1 APT, 0 other, 0 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e6081bfb-8593-4cc9-9f20-103980b059f9\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e6081bfb-8593-4cc9-9f20-103980b059f9\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e6081bfb-8593-4cc9-9f20-103980b059f9\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e6081bfb-8593-4cc9-9f20-103980b059f9" ], "report_names": [ "listgroups.cgi?u=e6081bfb-8593-4cc9-9f20-103980b059f9" ], "threat_actors": [ { "id": "3150bf4f-288a-44b8-ab48-0ced9b052a0c", "created_at": "2025-08-07T02:03:24.910023Z", "updated_at": "2026-04-10T02:00:03.713077Z", "deleted_at": null, "main_name": "GOLD HUXLEY", "aliases": [ "CTG-6969 ", "FIN8 " ], "source_name": "Secureworks:GOLD HUXLEY", "tools": [ "Gozi ISFB", "Powersniff" ], "source_id": "Secureworks", "reports": null }, { "id": "5bdde906-0416-42ee-9100-5ebd95dda77a", "created_at": "2023-01-06T13:46:38.601977Z", "updated_at": "2026-04-10T02:00:03.035842Z", "deleted_at": null, "main_name": "FIN8", "aliases": [ "ATK113", "G0061" ], "source_name": "MISPGALAXY:FIN8", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "72d09c17-e33e-4c2f-95db-f204848cc797", "created_at": "2022-10-25T15:50:23.832551Z", "updated_at": "2026-04-10T02:00:05.336787Z", "deleted_at": null, "main_name": "FIN8", "aliases": [ "FIN8", "Syssphinx" ], "source_name": "MITRE:FIN8", "tools": [ "BADHATCH", "PUNCHBUGGY", "Ragnar Locker", "PUNCHTRACK", "dsquery", "Nltest", "Sardonic", "PsExec", "Impacket" ], "source_id": "MITRE", "reports": null }, { "id": "fc80a724-e567-457c-82bb-70147435e129", "created_at": "2022-10-25T16:07:23.624289Z", "updated_at": "2026-04-10T02:00:04.691643Z", "deleted_at": null, "main_name": "FIN8", "aliases": [ "ATK 113", "G0061", "Storm-0288", "Syssphinx" ], "source_name": "ETDA:FIN8", "tools": [ "ALPHV", "ALPHVM", "BadHatch", "BlackCat", "Noberus", "PSVC", "PUNCHTRACK", "PoSlurp", "Powersniff", "PunchBuggy", "Ragnar Loader", "Ragnar Locker", "RagnarLocker", "Sardonic", "ShellTea" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434199, "ts_updated_at": 1775792064, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/010ce0c509999a9dededf980063bc4ce06fa0242.pdf", "text": "https://archive.orkl.eu/010ce0c509999a9dededf980063bc4ce06fa0242.txt", "img": "https://archive.orkl.eu/010ce0c509999a9dededf980063bc4ce06fa0242.jpg" } }