{
	"id": "8e08a13b-bed4-49de-ad80-e3f357190d39",
	"created_at": "2026-04-06T00:21:14.629254Z",
	"updated_at": "2026-04-10T13:12:24.799534Z",
	"deleted_at": null,
	"sha1_hash": "d4b304d4e187009d13e2962ed69cf69d5deef8d2",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 46099,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 23:21:19 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool NewPosThings\n Tool: NewPosThings\nNames NewPosThings\nCategory Malware\nType POS malware, Keylogger, Credential stealer\nDescription\n(Trend Micro) Similar to the previous 32-bit version reported last year, the 64-bit sample\nis a multifunction Trojan that includes added functionalities and routines. These include\nRAM scraper capabilities, keylogging routines, dumping virtual network computing\n(VNC) passwords, and information gathering.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 24 May 2020\nDownload this tool card in JSON format\nAll groups using tool NewPosThings\nChanged Name Country Observed\nAPT groups\n Operation Black Atlas [Unknown] 2015\n1 group listed (1 APT, 0 other, 0 unknown)\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=72e9165f-9f68-41af-9143-879a69524aba\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=72e9165f-9f68-41af-9143-879a69524aba\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=72e9165f-9f68-41af-9143-879a69524aba"
	],
	"report_names": [
		"listgroups.cgi?u=72e9165f-9f68-41af-9143-879a69524aba"
	],
	"threat_actors": [
		{
			"id": "5c457d56-6078-4a86-ac5c-e3e91fa278e7",
			"created_at": "2022-10-25T16:07:23.934665Z",
			"updated_at": "2026-04-10T02:00:04.795018Z",
			"deleted_at": null,
			"main_name": "Operation Black Atlas",
			"aliases": [],
			"source_name": "ETDA:Operation Black Atlas",
			"tools": [
				"Alina POS",
				"BlackPOS",
				"Diamond Fox",
				"DiamondFox",
				"FrameworkPOS",
				"Gorynch",
				"Gorynych",
				"Kaptoxa",
				"MMon",
				"ModPOS",
				"NewPosThings",
				"POSWDS",
				"Reedum",
				"alina_eagle",
				"alina_spark",
				"aline_joker",
				"katrina",
				"straxbot"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434874,
	"ts_updated_at": 1775826744,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d4b304d4e187009d13e2962ed69cf69d5deef8d2.pdf",
		"text": "https://archive.orkl.eu/d4b304d4e187009d13e2962ed69cf69d5deef8d2.txt",
		"img": "https://archive.orkl.eu/d4b304d4e187009d13e2962ed69cf69d5deef8d2.jpg"
	}
}