{
	"id": "77d2c9e9-b350-4768-9c08-05dc24d66a2d",
	"created_at": "2026-04-06T01:29:21.754032Z",
	"updated_at": "2026-04-10T03:22:11.670746Z",
	"deleted_at": null,
	"sha1_hash": "794a99017c9f602246f797e82341691b6322f3eb",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 48974,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-06 00:13:49 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Ares\r\n Tool: Ares\r\nNames Ares\r\nCategory Malware\r\nType Banking trojan, Backdoor, Info stealer, Keylogger, Credential stealer, Exfiltration\r\nDescription\r\n(Zscaler) In February 2021, Zscaler ThreatLabz identified a new Kronos variant that surfaced\r\nvia spam campaigns to German speakers, which calls itself Ares. In Greek mythology, Ares is\r\nthe son of Zeus and grandson of Kronos. Thus, the naming convention appears to refer to this\r\nnew malware variant as the third generation of Kronos. Ares still appears to be in development\r\nalongside an information stealer that harvests credentials from various applications including\r\nVPN clients, web browsers, and the malware can exfiltrate arbitrary files and cryptocurrency\r\nwallets.\r\nInformation\r\n\u003chttps://www.zscaler.com/blogs/security-research/ares-malware-grandson-kronos-banking-trojan\u003e\r\n\u003chttps://www.zscaler.com/blogs/security-research/ares-banking-trojan-learns-old-tricks-adds-defunct-qakbot-dga\u003e\r\nMalpedia \u003chttps://malpedia.caad.fkie.fraunhofer.de/details/win.ares\u003e\r\nLast change to this tool card: 29 December 2022\r\nDownload this tool card in JSON format\r\nAll groups using tool Ares\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=96a3050d-9a39-4f47-912b-ff2de69327a2\r\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=96a3050d-9a39-4f47-912b-ff2de69327a2\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=96a3050d-9a39-4f47-912b-ff2de69327a2\r\nPage 2 of 2\n\nUnknown groups _[ Interesting malware not linked to an actor yet ]_\n1 group listed (0 APT, 0 other, 1 unknown) \n   Page 1 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=96a3050d-9a39-4f47-912b-ff2de69327a2"
	],
	"report_names": [
		"listgroups.cgi?u=96a3050d-9a39-4f47-912b-ff2de69327a2"
	],
	"threat_actors": [],
	"ts_created_at": 1775438961,
	"ts_updated_at": 1775791331,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/794a99017c9f602246f797e82341691b6322f3eb.pdf",
		"text": "https://archive.orkl.eu/794a99017c9f602246f797e82341691b6322f3eb.txt",
		"img": "https://archive.orkl.eu/794a99017c9f602246f797e82341691b6322f3eb.jpg"
	}
}