{ "id": "f8f985c7-e8d3-48de-bafd-c22bba29afb2", "created_at": "2026-04-06T00:06:30.150072Z", "updated_at": "2026-04-10T13:12:32.05619Z", "deleted_at": null, "sha1_hash": "d7f849d26d3e3fef9ea34c1a83987984ef139daf", "title": "Silent Night - Threat Group Cards: A Threat Actor Encyclopedia", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 49595, "plain_text": "Silent Night - Threat Group Cards: A Threat Actor Encyclopedia\r\nArchived: 2026-04-05 20:28:45 UTC\r\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool Silent Night\r\n Tool: Silent Night\r\nNames Silent Night\r\nCategory Malware\r\nType Banking trojan, Backdoor, Keylogger, Info stealer, Credential stealer, Tunneling, Botnet\r\nDescription\r\n(Malwarebytes) Recently, we have been observinganother bot, with the design reminding\r\nof Zeus, that seems to be fairly new (a 1.0 version was compiled at the end of November\r\n2019), and is actively developed. Since the specific name of this malware was for a long\r\ntime unknown among researchers, it happened to be referenced by a generic term\r\nZLoader/Zbot (a common name used to refer to any malware related to the ZeuS family).\r\nOur investigation led us to find that this is a new family built upon the ZeuS heritage,\r\nbeing sold under the name “Silent Night”. In our report, we will call it “Silent Night”\r\nZbot.\r\nInformation\r\n\u003chttps://resources.malwarebytes.com/files/2020/05/The-Silent-Night-Zloader-Zbot_Final.pdf\u003e\r\nAlienVault OTX \u003chttps://otx.alienvault.com/browse/pulses?q=tag:Silent%20Night\u003e\r\nLast change to this tool card: 26 May 2020\r\nDownload this tool card in JSON format\r\nAll groups using tool Silent Night\r\nChanged Name Country Observed\r\nUnknown groups\r\n  _[ Interesting malware not linked to an actor yet ]_  \r\n1 group listed (0 APT, 0 other, 1 unknown)\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=11a30645-cbfa-4641-b144-3b1eb38b3446\r\nPage 1 of 2\n\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=11a30645-cbfa-4641-b144-3b1eb38b3446\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=11a30645-cbfa-4641-b144-3b1eb38b3446\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=11a30645-cbfa-4641-b144-3b1eb38b3446" ], "report_names": [ "listgroups.cgi?u=11a30645-cbfa-4641-b144-3b1eb38b3446" ], "threat_actors": [], "ts_created_at": 1775433990, "ts_updated_at": 1775826752, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/d7f849d26d3e3fef9ea34c1a83987984ef139daf.pdf", "text": "https://archive.orkl.eu/d7f849d26d3e3fef9ea34c1a83987984ef139daf.txt", "img": "https://archive.orkl.eu/d7f849d26d3e3fef9ea34c1a83987984ef139daf.jpg" } }