{
	"id": "877351d0-7637-40c1-aaf3-198465f74282",
	"created_at": "2026-04-06T00:19:56.616929Z",
	"updated_at": "2026-04-10T03:19:57.178642Z",
	"deleted_at": null,
	"sha1_hash": "252b59cd87292c4a2c69f9d6cd505f6cbc8e892e",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47049,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 13:21:54 UTC\n Tool: PosCardStealer\nNames PosCardStealer\nCategory Malware\nType POS malware, Credential stealer\nDescription\n(Panda Security) The first attack we were able to analyze took place September 30, 2015 and\naffected 30 PoS systems. The malware was installed using PowerShell, a popular Windows\ntool. With this tool the file (MD5: 0B4F921CF2537FCED9CAACA179F6DFF4) was\nexecuted, with an internal date of creation for two days before (28/09/2015 17:07:59) and\ncompiled with C++ visuals.\nThe installer’s job is to infect the system with malware that is specifically designed for PoS\nsystems. To do this, it uses different techniques in function with the PoS software installed on\nthe system. In concrete, it looks for brain.exe (pertaining to Dinerware) and scpwin.exe\nprocesses, and installs the malware as follows depending on which of the two it finds.\nInformation Malpedia Last change to this tool card: 25 May 2020\nAll groups using tool PosCardStealer\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown)\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2d486642-f5ab-4f5f-8248-8a3085e06c82",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=2d486642-f5ab-4f5f-8248-8a3085e06c82"
	],
	"report_names": [
		"listgroups.cgi?u=2d486642-f5ab-4f5f-8248-8a3085e06c82"
	],
	"threat_actors": [],
	"ts_created_at": 1775434796,
	"ts_updated_at": 1775791197,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/252b59cd87292c4a2c69f9d6cd505f6cbc8e892e.pdf",
		"text": "https://archive.orkl.eu/252b59cd87292c4a2c69f9d6cd505f6cbc8e892e.txt",
		"img": "https://archive.orkl.eu/252b59cd87292c4a2c69f9d6cd505f6cbc8e892e.jpg"
	}
}