{
	"id": "e41fb26f-0eb8-460d-bf75-9b592e88cf5f",
	"created_at": "2026-04-06T00:12:57.443743Z",
	"updated_at": "2026-04-10T03:21:23.643733Z",
	"deleted_at": null,
	"sha1_hash": "fb718bb701505853548a9e2479709465b121c730",
	"title": "Threat Group Cards: A Threat Actor Encyclopedia",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 49028,
	"plain_text": "Threat Group Cards: A Threat Actor Encyclopedia\nArchived: 2026-04-05 22:23:09 UTC\nHome \u003e List all groups \u003e List all tools \u003e List all groups using tool DMSniff\n Tool: DMSniff\nNames DMSniff\nCategory Malware\nType POS malware, Backdoor, Credential stealer, Botnet\nDescription\n(Flashpoint) Point-of-sale malware previously only privately sold has been used in\nbreaches of small- and medium-sized businesses in the restaurant and entertainment\nindustries. The malware, known as DMSniff, also uses a domain generation algorithm\n(DGA) to create lists of command-and-control domains on the fly. This technique is\nvaluable to an attacker because if domains are taken down by law enforcement,\ntechnology companies, or hosting providers, the malware can still communicate and\nreceive commands or share stolen data.\nInformation\nMalpedia AlienVault OTX Last change to this tool card: 25 May 2020\nDownload this tool card in JSON format\nAll groups using tool DMSniff\nChanged Name Country Observed\nUnknown groups\n _[ Interesting malware not linked to an actor yet ]_\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=16da60d7-679d-44e6-b978-5256ee10f428\nPage 1 of 2\n\n1 group listed (0 APT, 0 other, 1 unknown)\r\nSource: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=16da60d7-679d-44e6-b978-5256ee10f428\r\nhttps://apt.etda.or.th/cgi-bin/listgroups.cgi?u=16da60d7-679d-44e6-b978-5256ee10f428\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=16da60d7-679d-44e6-b978-5256ee10f428"
	],
	"report_names": [
		"listgroups.cgi?u=16da60d7-679d-44e6-b978-5256ee10f428"
	],
	"threat_actors": [],
	"ts_created_at": 1775434377,
	"ts_updated_at": 1775791283,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fb718bb701505853548a9e2479709465b121c730.pdf",
		"text": "https://archive.orkl.eu/fb718bb701505853548a9e2479709465b121c730.txt",
		"img": "https://archive.orkl.eu/fb718bb701505853548a9e2479709465b121c730.jpg"
	}
}