{
	"id": "44108c56-72af-496c-b50f-10495cb43f7a",
	"created_at": "2026-04-06T00:18:11.061688Z",
	"updated_at": "2026-04-10T03:21:26.739033Z",
	"deleted_at": null,
	"sha1_hash": "6501e47b3ad1c9a0c5c42be54f45d358eeb9ea9a",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47818,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 14:25:14 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool KINS\n Tool: KINS\nNames\nKINS\nMaple\nZeus.Maple\nKasper Internet Non-Security\nCategory Malware\nType Banking trojan, Credential stealer\nDescription\n(IBM) Trusteer researcher Avidan Avraham, who conducted a thorough analysis on the new\nvariant, explains that ZeuS.Maple is a heavily modified version of Zeus 2.0.8.9. It implements\nunique browser re-patching techniques (browser patching is a method of stealing information\nfrom browser sessions; re-patching ensures the patch stays in place), an alternative naming\ngeneration algorithm, different anti-debugging and new anti-VM capabilities. It uses an\nencrypted configuration stored in the Windows registry, and in order to remain stealthy,\nZeuS.Maple distribution in the wild is limited and controlled.\nInformation\nMalpedia Last change to this tool card: 28 December 2022\nDownload this tool card in JSON format\nAll groups using tool KINS\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0a94f5ac-0390-4c90-aeea-1e41652dc492\nPage 1 of 2\n\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0a94f5ac-0390-4c90-aeea-1e41652dc492\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0a94f5ac-0390-4c90-aeea-1e41652dc492\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0a94f5ac-0390-4c90-aeea-1e41652dc492"
	],
	"report_names": [
		"listgroups.cgi?u=0a94f5ac-0390-4c90-aeea-1e41652dc492"
	],
	"threat_actors": [],
	"ts_created_at": 1775434691,
	"ts_updated_at": 1775791286,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6501e47b3ad1c9a0c5c42be54f45d358eeb9ea9a.pdf",
		"text": "https://archive.orkl.eu/6501e47b3ad1c9a0c5c42be54f45d358eeb9ea9a.txt",
		"img": "https://archive.orkl.eu/6501e47b3ad1c9a0c5c42be54f45d358eeb9ea9a.jpg"
	}
}