{
	"id": "64c30ea6-cad8-4400-8822-59d00b9814f3",
	"created_at": "2026-04-06T00:15:36.605147Z",
	"updated_at": "2026-04-10T03:22:13.652082Z",
	"deleted_at": null,
	"sha1_hash": "186815555e0ee7b43b07afde997a94d7f5bccb9e",
	"title": "POS - Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49257,
	"plain_text": "POS - Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 18:10:40 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool XBOT-POS\r\n Tool: XBOT-POS\r\nNames\r\nXBOT-POS\r\nXBot POS\r\nCategory Malware\r\nType POS malware, Credential stealer\r\nDescription\r\n(benkow) The bot ad:\r\nSelling xbot ,new bank trojan -- Modules -- Webinject -- Formgrabber -- Socket4/5 -- Hidden\r\nVNC\r\nNew bot bank xbot is available for rent (800$/monthly) -- server on tornetwork/clearnet\r\nCustomized programming service and web developer/c/c++/Python/NET/others\r\nTeam Coder/NZMR\r\nxbot costs 3k $ modules available \u003ewebinject -- formgrabber -- Socket4/5 -- Hidden VNC\r\nWhen buying xbot what do you get?\r\nYou will get the builder,bin/exe+socket.exe/server.exe hvnc\r\n[+] - Free installation on your server in tornetwork or clearnet, you choose\r\n[+] - monthly support paid 100 $ (you choose,with or without support)\r\n[+] - Update bot for new version 400 $\r\n[+] Rent xbot\r\nPanel access (Clearnet/Tornetwork)\r\nBin (exe)\r\nSocket.exe/hvnc.exe\r\nPriçe\r\n800 $ monthly (First 6 customers, others 1k $)\r\nSupport monthly 100 $ (btc)\r\nInformation \u003chttps://benkowlab.blogspot.com/2017/08/quick-look-at-another-alina-fork-xbot.html\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.xbot_pos\u003e\r\nLast change to this tool card: 28 December 2022\r\nDownload this tool card in JSON format\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=db81462b-25a0-443d-9621-fd39428dc6d6\r\nPage 1 of 2\n\nAll groups using tool XBOT-POS\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=db81462b-25a0-443d-9621-fd39428dc6d6\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=db81462b-25a0-443d-9621-fd39428dc6d6\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=db81462b-25a0-443d-9621-fd39428dc6d6"
	],
	"report_names": [
		"listgroups.cgi?u=db81462b-25a0-443d-9621-fd39428dc6d6"
	],
	"threat_actors": [],
	"ts_created_at": 1775434536,
	"ts_updated_at": 1775791333,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/186815555e0ee7b43b07afde997a94d7f5bccb9e.pdf",
		"text": "https://archive.orkl.eu/186815555e0ee7b43b07afde997a94d7f5bccb9e.txt",
		"img": "https://archive.orkl.eu/186815555e0ee7b43b07afde997a94d7f5bccb9e.jpg"
	}
}