{
	"id": "64f15a57-53c5-459f-9bf1-c775d56e214d",
	"created_at": "2026-04-06T00:12:42.205519Z",
	"updated_at": "2026-04-10T03:20:16.674866Z",
	"deleted_at": null,
	"sha1_hash": "2b8ceb56d3e70184a8362e9325877cf462c022cf",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49125,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 17:05:41 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool TreasureHunter\n Tool: TreasureHunter\nNames\nTreasureHunter\nTREASUREHUNT\nhuntpos\nCategory Malware\nType POS malware, Credential stealer\nDescription\n(FireEye) In this article we examine TREASUREHUNT, POS malware that appears to have been\ncustom-built for the operations of a particular “dump shop,” which sells stolen credit card data.\nTREASUREHUNT enumerates running processes, extracts payment card information from\nmemory, and then transmits this information to a command and control server.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 18 November 2022\nDownload this tool card in JSON format\nAll groups using tool TreasureHunter\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown)\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fe027e13-3f88-49f6-8b42-2f435b61edc0\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fe027e13-3f88-49f6-8b42-2f435b61edc0\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fe027e13-3f88-49f6-8b42-2f435b61edc0\r\nPage 2 of 2\n\nUnknown groups _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=fe027e13-3f88-49f6-8b42-2f435b61edc0"
	],
	"report_names": [
		"listgroups.cgi?u=fe027e13-3f88-49f6-8b42-2f435b61edc0"
	],
	"threat_actors": [],
	"ts_created_at": 1775434362,
	"ts_updated_at": 1775791216,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2b8ceb56d3e70184a8362e9325877cf462c022cf.pdf",
		"text": "https://archive.orkl.eu/2b8ceb56d3e70184a8362e9325877cf462c022cf.txt",
		"img": "https://archive.orkl.eu/2b8ceb56d3e70184a8362e9325877cf462c022cf.jpg"
	}
}