{
	"id": "9a36c0ea-43b8-44c0-9055-a58bd118a550",
	"created_at": "2026-04-06T00:12:42.027102Z",
	"updated_at": "2026-04-10T03:20:33.343148Z",
	"deleted_at": null,
	"sha1_hash": "701b87e06e38090797e6286232c9073c31defdc1",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 52012,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 19:41:04 UTC\nTool: JackPOS\nNames JackPOS\nCategory Malware\nType POS malware, Reconnaissance, Backdoor, Credential stealer, Botnet\nDescription\n(Trustwave) Overall, this malware is quite rudimentary. A number of bugs (some of which\nI've mentioned in this blog post) show a lack of sophistication and, possibly, a rush on the\nauthor's part. There are a number of artifacts that link this malware family to others we've\nseen. The blacklist of process names is extremely similar to the ones discovered in the\nAlina POS malware family. Additionally, the installation path very much reminds me of\nthe early Dexter variants. It's certainly likely that because these malware families' code\nhas been leaked online, the author used at least some of this code as a basis for JackPOS.\nWhile the malware technically has a command and control (C\u0026C) component to it,\noverall it's quite limited and not nearly as robust as other examples seen in the past. I\nmentioned originally that I wanted to see if JackPOS brought something special to the\ntable. I'm going to have to answer that question with a resounding 'no' in this particular\ncase. However, while this family does not bring any innovative characteristics to the POS\nmalware scene, as history has taught us, it should still very much be considered a real\nthreat.\nInformation\nMalpedia AlienVault OTX\nLast change to this tool card: 25 May 2020\n\nAll groups using tool JackPOS\nChanged Name Country Observed\nUnknown groups\n_[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=067de1ba-dafb-4c9b-9d60-50a4953d65d8",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=067de1ba-dafb-4c9b-9d60-50a4953d65d8"
	],
	"report_names": [
		"listgroups.cgi?u=067de1ba-dafb-4c9b-9d60-50a4953d65d8"
	],
	"threat_actors": [],
	"ts_created_at": 1775434362,
	"ts_updated_at": 1775791233,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/701b87e06e38090797e6286232c9073c31defdc1.pdf",
		"text": "https://archive.orkl.eu/701b87e06e38090797e6286232c9073c31defdc1.txt",
		"img": "https://archive.orkl.eu/701b87e06e38090797e6286232c9073c31defdc1.jpg"
	}
}