{
	"id": "1b095686-919f-45a7-9a77-497cd091ac3b",
	"created_at": "2026-04-06T00:13:38.389736Z",
	"updated_at": "2026-04-10T03:21:22.014961Z",
	"deleted_at": null,
	"sha1_hash": "7518b8e84a7b569e53f49f486b4654d2a9ddc134",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47815,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 21:31:10 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool UDPoS\r\n Tool: UDPoS\r\nNames UDPoS\r\nCategory Malware\r\nType POS malware, Credential stealer\r\nDescription\r\n(Forcepoint) Point of Sale malware has been around for some time and has been deployed\r\nagainst a broad range of businesses from retailers to hotel groups. However, this appears\r\nto be a new family which we are currently calling 'UDPoS' owing to its heavy use of\r\nUDP-based DNS traffic. At the time of writing, it's unclear whether the malware is\r\ncurrently being used in campaigns in the wild, although the coordinated use of LogMeIn-themed filenames and C2 URLs, coupled with evidence of an earlier Intel-themed variant,\r\nsuggest that it may well be.\r\nInformation\r\n\u003chttps://www.forcepoint.com/blog/x-labs/udpos-exfiltrating-credit-card-data-dns\u003e\r\n\u003chttps://threatmatrix.cylance.com/en_us/home/threat-spotlight-inside-udpos-malware.html\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.udpos\u003e\r\nAlienVault OTX \u003chttps://otx.alienvault.com/browse/pulses?q=tag:udp%20pos\u003e\r\nLast change to this tool card: 24 May 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool UDPoS\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d1b2544d-3721-4d8f-91e6-5d777a5f56d9\r\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d1b2544d-3721-4d8f-91e6-5d777a5f56d9\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d1b2544d-3721-4d8f-91e6-5d777a5f56d9\r\nPage 2 of 2\n\nUnknown groups _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=d1b2544d-3721-4d8f-91e6-5d777a5f56d9"
	],
	"report_names": [
		"listgroups.cgi?u=d1b2544d-3721-4d8f-91e6-5d777a5f56d9"
	],
	"threat_actors": [],
	"ts_created_at": 1775434418,
	"ts_updated_at": 1775791282,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7518b8e84a7b569e53f49f486b4654d2a9ddc134.pdf",
		"text": "https://archive.orkl.eu/7518b8e84a7b569e53f49f486b4654d2a9ddc134.txt",
		"img": "https://archive.orkl.eu/7518b8e84a7b569e53f49f486b4654d2a9ddc134.jpg"
	}
}