{
	"id": "ce43f796-895c-4c50-af36-58de593fdb37",
	"created_at": "2026-04-06T00:14:15.881145Z",
	"updated_at": "2026-04-10T03:21:12.011093Z",
	"deleted_at": null,
	"sha1_hash": "1c91151cbb99742c0a67ea95e9073697589aaacd",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45657,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 18:05:38 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool ScanPOS\r\n Tool: ScanPOS\r\nNames ScanPOS\r\nCategory Malware\r\nType POS malware, Credential stealer\r\nDescription\r\n(securitykitten) ScanPOS, while not extraordinarily impressive or unique, is a new family. It\r\nperforms the same basic tasks that all other POS malware performs, yet sneaks by almost\r\nevery developed detection technique. ScanPOS does little in terms of evading detection, which\r\ncan help it blend in a production environment. When code is heavily packed, it will often get\r\npicked up by generic heuristics.\r\nInformation\r\n\u003chttps://securitykitten.github.io/2016/11/15/scanpos.html\u003e\r\n\u003chttps://www.proofpoint.com/us/threat-insight/post/kronos-banking-trojan-used-to-deliver-new-point-of-sale-malware\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.scanpos\u003e\r\nLast change to this tool card: 22 May 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool ScanPOS\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e293e421-1b6d-4dff-ae63-dcaf6c37127f\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e293e421-1b6d-4dff-ae63-dcaf6c37127f\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=e293e421-1b6d-4dff-ae63-dcaf6c37127f"
	],
	"report_names": [
		"listgroups.cgi?u=e293e421-1b6d-4dff-ae63-dcaf6c37127f"
	],
	"threat_actors": [],
	"ts_created_at": 1775434455,
	"ts_updated_at": 1775791272,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/1c91151cbb99742c0a67ea95e9073697589aaacd.pdf",
		"text": "https://archive.orkl.eu/1c91151cbb99742c0a67ea95e9073697589aaacd.txt",
		"img": "https://archive.orkl.eu/1c91151cbb99742c0a67ea95e9073697589aaacd.jpg"
	}
}