{
	"id": "f0659e2a-b450-48b2-9148-b049c7bd53f1",
	"created_at": "2026-04-06T00:11:30.657427Z",
	"updated_at": "2026-04-10T03:21:06.635448Z",
	"deleted_at": null,
	"sha1_hash": "b44728d6bfe6c6819498976c751aa906a2a20fb6",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 29413,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 14:34:29 UTC\r\nDescription: (Trend Micro) In 2012, the source code of BlackPOS was leaked, enabling other cybercriminals and\r\nattackers to enhance its code.\r\nEven though BlackPOS ver2 has entirely different code compared to the BlackPOS which compromised Target,\r\nit duplicates the data exfiltration technique used by the Target BlackPOS. It is an improved clone of the original,\r\nwhich is why we decided to call this BlackPOS ver2.\r\nIt is also being reported in the press that some security vendors called this malware “FrameworkPOS.”\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=41ad02a6-84e7-4a4a-bc6f-ac6ac0d8219b\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=41ad02a6-84e7-4a4a-bc6f-ac6ac0d8219b\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=41ad02a6-84e7-4a4a-bc6f-ac6ac0d8219b"
	],
	"report_names": [
		"listgroups.cgi?u=41ad02a6-84e7-4a4a-bc6f-ac6ac0d8219b"
	],
	"threat_actors": [],
	"ts_created_at": 1775434290,
	"ts_updated_at": 1775791266,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b44728d6bfe6c6819498976c751aa906a2a20fb6.pdf",
		"text": "https://archive.orkl.eu/b44728d6bfe6c6819498976c751aa906a2a20fb6.txt",
		"img": "https://archive.orkl.eu/b44728d6bfe6c6819498976c751aa906a2a20fb6.jpg"
	}
}