{
	"id": "39e1110b-28af-4ab1-be3c-a2c588fef283",
	"created_at": "2026-04-06T00:06:49.915394Z",
	"updated_at": "2026-04-10T03:21:16.933196Z",
	"deleted_at": null,
	"sha1_hash": "bc76ea3a9af53850535b47a628ecbaf948b7ca7c",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 45506,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 19:50:38 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool NeoPocket\r\n Tool: NeoPocket\r\nNames NeoPocket\r\nCategory Malware\r\nType ATM malware, Keylogger, Info stealer, Credential stealer\r\nDescription\r\n(Trend Micro) NeoPocket is an information-stealing malware that targets ATMs manufactured\r\nby Diebold. S21sec discovered NeoPocket in April 2014. Unlike the majority of ATM\r\nmalware, NeoPocket does not steal cash from the ATM as it focuses on data theft only. The\r\nmalware steals ATM transaction data using a man-in-the-middle (MitM) attack and keylogs\r\nuser input from specific application windows. This stolen data can be sold in deep web\r\nmarkets for use in creating counterfeit payment cards and carrying out fraudulent fund\r\ntransfers out of victims’ accounts. Because no cash is stolen from the ATM, the compromise\r\ntends to remain undetected for prolonged periods and thus allows the criminal group behind\r\nNeoPocket to collect large amounts of sensitive data.\r\nInformation \u003chttps://documents.trendmicro.com/assets/white_papers/wp-cashing-in-on-atm-malware.pdf\u003e\r\nLast change to this tool card: 25 May 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool NeoPocket\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=30167aa4-f817-4f53-bb8f-f83ac938156a\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=30167aa4-f817-4f53-bb8f-f83ac938156a\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=30167aa4-f817-4f53-bb8f-f83ac938156a"
	],
	"report_names": [
		"listgroups.cgi?u=30167aa4-f817-4f53-bb8f-f83ac938156a"
	],
	"threat_actors": [],
	"ts_created_at": 1775434009,
	"ts_updated_at": 1775791276,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bc76ea3a9af53850535b47a628ecbaf948b7ca7c.pdf",
		"text": "https://archive.orkl.eu/bc76ea3a9af53850535b47a628ecbaf948b7ca7c.txt",
		"img": "https://archive.orkl.eu/bc76ea3a9af53850535b47a628ecbaf948b7ca7c.jpg"
	}
}