{
	"id": "09199603-30c3-4302-b0fd-7d3acbec8148",
	"created_at": "2026-04-06T00:19:57.213338Z",
	"updated_at": "2026-04-10T03:21:34.910419Z",
	"deleted_at": null,
	"sha1_hash": "7d7dfbd2cbd95dcb3144150ca7796acb15d6e659",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47761,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 21:31:56 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Punkey\n Tool: Punkey\nNames\nPunkey\nPunkeyPOS\nPunkey POS\npospunk\nposcardstealer\nCategory Malware\nType POS malware, Credential stealer\nDescription\n(Trustwave) During a recent United States Secret Service investigation, Trustwave\nencountered a new family of POS malware, that we named Punkey. It appears to have\nevolved from the NewPosThings family of malware first discovered by Dennis Schwarz\nand Dave Loftus at Arbor Networks. While this malware shares some commonalities with\nthat family, it departs from the standard operating procedure of the previous versions\nrather dramatically. In a blog post, TrendMicro also detailed recently compiled versions of\nthe NewPOSthings family that bear a closer resemblance to NewPOSthings than Punkey.\nThis suggests that multiple actors may be using similar source code, or the malware is\nbeing customized as a service for targeted campaigns.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 30 November 2023\nDownload this tool card in JSON format\nAll groups using tool Punkey\nChanged Name Country Observed\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0f1accf5-8212-45a5-a3a3-ec852eb28065\nPage 1 of 2\n\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0f1accf5-8212-45a5-a3a3-ec852eb28065\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0f1accf5-8212-45a5-a3a3-ec852eb28065\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=0f1accf5-8212-45a5-a3a3-ec852eb28065"
	],
	"report_names": [
		"listgroups.cgi?u=0f1accf5-8212-45a5-a3a3-ec852eb28065"
	],
	"threat_actors": [],
	"ts_created_at": 1775434797,
	"ts_updated_at": 1775791294,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7d7dfbd2cbd95dcb3144150ca7796acb15d6e659.pdf",
		"text": "https://archive.orkl.eu/7d7dfbd2cbd95dcb3144150ca7796acb15d6e659.txt",
		"img": "https://archive.orkl.eu/7d7dfbd2cbd95dcb3144150ca7796acb15d6e659.jpg"
	}
}