{
	"id": "d6d4a0a1-a373-41e4-90b3-275816c23350",
	"created_at": "2026-04-06T00:19:35.515104Z",
	"updated_at": "2026-04-10T13:11:50.013349Z",
	"deleted_at": null,
	"sha1_hash": "7199ae7818b1a55faf5bf997be2b541380a53f90",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47806,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 19:10:01 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool CenterPOS\r\n Tool: CenterPOS\r\nNames\r\nCenterPOS\r\nCerebrus\r\nCategory Malware\r\nType POS malware, Backdoor, Credential stealer\r\nDescription\r\n(FireEye) CenterPOS malware was initially discovered in September 2015 in a directory\r\nfilled with other POS malware, including NewPoSThings, two Alina POS variants known\r\nas “Spark” and “Joker,” and BlackPOS. This CenterPOS sample\r\n(171c4c62ab2001c2f2394c3ec021dfa3) contains an internal version of “1.7” and is a\r\nmemory scraper that iterates through running processes in order to extract payment card\r\ninformation. The payment card information is transferred to a command and control\r\n(CnC) server via HTTP POST:\r\nInformation \u003chttps://www.fireeye.com/blog/threat-research/2016/01/centerpos_an_evolvi.html\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.centerpos\u003e\r\nAlienVault OTX \u003chttps://otx.alienvault.com/browse/pulses?q=tag:CenterPOS\u003e\r\nLast change to this tool card: 24 May 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool CenterPOS\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=af2af621-086d-4b01-af40-c4e0a406ccba\r\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=af2af621-086d-4b01-af40-c4e0a406ccba\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=af2af621-086d-4b01-af40-c4e0a406ccba\r\nPage 2 of 2\n\nUnknown groups _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=af2af621-086d-4b01-af40-c4e0a406ccba"
	],
	"report_names": [
		"listgroups.cgi?u=af2af621-086d-4b01-af40-c4e0a406ccba"
	],
	"threat_actors": [],
	"ts_created_at": 1775434775,
	"ts_updated_at": 1775826710,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7199ae7818b1a55faf5bf997be2b541380a53f90.pdf",
		"text": "https://archive.orkl.eu/7199ae7818b1a55faf5bf997be2b541380a53f90.txt",
		"img": "https://archive.orkl.eu/7199ae7818b1a55faf5bf997be2b541380a53f90.jpg"
	}
}