{
	"id": "a5fe2bbb-65a2-4dae-bfe0-39ac36a23dc7",
	"created_at": "2026-04-06T00:19:39.751215Z",
	"updated_at": "2026-04-10T03:37:20.273443Z",
	"deleted_at": null,
	"sha1_hash": "0116715c2542cd0e926d98066836aa26bb11f717",
	"title": "Russian-Ukrainian Cyber Warfare - Rewterz Threat Intelligence Rollup - Rewterz",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 81198,
	"plain_text": "Russian-Ukrainian Cyber Warfare - Rewterz Threat Intelligence\r\nRollup - Rewterz\r\nPublished: 2022-03-22 · Archived: 2026-04-05 15:08:59 UTC\r\nWhat’s Happening?\r\nTensions between the Ukrainian and Russian governments were running high at the beginning of 2022. And now,\r\nin a span of two months, Russia has launched devastating and catastrophic attacks on Ukraine. Cities are being\r\nbombed, people are losing their homes, and a mass exodus of refugees is expected. While the war on land\r\ncontinues, cyberspace is being used to weaken Ukraine’s defenses.\r\nRight now, we can’t deny the fact that the Russian security services are very capable in the cyber arena. Global IT\r\nsectors all around the world have welcomed Russian companies as full partners. On top of the list is Kaspersky,\r\nZer0Data, ANY.RUN, Site Secure, are the other known cybersecurity companies in Russia. \r\nAccording to resources, Kaspersky is the fourth largest anti-malware provider for Windows computers in terms of\r\nmarket share. If Russia decided to strike Asia and the Middle-East, it already had a ready-made channel: anti-malware software built to defend against that threat. \r\nWe at Rewterz are committed to providing actionable Threat Intelligence (TI) for humanitarian support, to secure\r\nand protect our customers globally. \r\nNote:\r\nRussian developers have developed a large portion of the code that organizations integrate into their\r\nRussian intelligence agencies are capable of enlisting the help of domestic criminals to achieve thei\r\nOutsourcing: A Competitive Advantage?\r\nAccording to a report, Russia’s IT outsourcing industry reached $6.75 billion in 2020. \r\nThis figure itself is quite alarming! It’s because outsourcing also assigns control of IT operations to the vendor\r\norganization. 
If Russia becomes a hostile player, the control granted by the organizations to Russian outsourcing\r\noperations could result in handing over all of their passwords and authentication credentials.\r\nBusiness Risks from the Escalating Cyber Warfare\r\nThe Russian-Ukrainian war will perhaps pose acute cyber risks to the business and financial sector. Economic\r\nsanctions and measures taken against Russia will ultimately warrant an asymmetric response from the immensely\r\ncapable country. \r\nOrganizations and countries that are opposing Russian aggression and are taking actions to limit Russian\r\ninvolvement in their commerce, contests, and events can face an elevated risk of retaliation in the future.\r\nIt may be improbable that Russian vendors will give up their market edge to support a conflict. But no one\r\nknows what the future holds. The Russian-Ukrainian conflict will likely spill over from the European borders to\r\nAsian and Middle Eastern countries. Cyber vigilance has become a necessity, and if organizations believe that\r\nthey will not become a target, then they have already lost. \r\nNote:\r\nSecond-order or third-order impacts are already seen in our cybersecurity environments as Chinese adv\r\nCyber Defense Assessment Recommended\r\nWhile the Russian-Ukrainian cyber warfare creates an atmosphere of uncertainty in Europe and globally, a need\r\nfor improved cybersecurity has arisen. Some of the main cyberthreats that we believe will increase are DDoS\r\nattacks, APT attacks, Ransomware attacks, Phishing and Malware attacks, Zero-Day Vulnerabilities, Financial\r\nFrauds, and other emerging threats. \r\nRewterz has been actively monitoring the Russian-Ukrainian conflict and providing our customers with enriched\r\ninformation that will help improve your organization’s cyber posture. 
Given the rapid pace of events surrounding\r\nthe conflict, here is the chronological timeline of developments related to the ongoing cyberwar:\r\nAttack Timeline\r\n13th – 14th January, 2022\r\nIn mid-January 2022, more than 70 websites of the Ukrainian Ministry of Foreign Affairs and a number of\r\nother government agencies were down temporarily and provocative messages were left on the websites. \r\nMicrosoft also found a new and unique malware that was infecting the systems of Ukrainian politicians and\r\ngovernment affiliates. Dubbed “WhisperGate,” this new malware was designed to render targeted\r\ndevices inoperable and intended to be destructive. \r\n4th February, 2022\r\nFake social media accounts of Russian IOs were also dismantled by Ukrainian Security Services. \r\n15th February, 2022\r\nOn February 15th, 2022, Distributed Denial-of-Service (DDoS) attacks targeted Ukraine’s defense agencies and\r\nbanks. Several Ukrainian websites were impacted by this attack, including the Ministry of Foreign Affairs,\r\nbank, government, and Defense Council. The attacks were of a moderate magnitude. The main objective of\r\nthis attack was to instill fear.\r\n23rd February, 2022 \r\nThe 2nd wave of DDoS attacks hit Ukraine. Ukraine Ministry of Foreign Affairs, Security Service of\r\nUkraine, Ministry of Defense, Ministry of Internal Affairs, and other Government institution websites were\r\ninaccessible for two hours.\r\n25th February, 2022\r\nSALTY SPIDER, a Russia-based threat group, made use of its Sality botnet to launch DDoS attacks on\r\nUkrainian Web Forums. This HTTP request overflow attack was performed to get information from one of\r\nthe forums that discusses real-time events taking place in the city of Kharkiv. The main motive was also to\r\nshut down any information sharing against the Russian militia. 
\r\n27th February, 2022\r\nThe Conti group opted to side with Russia, threatening to strike its rival’s key infrastructure. They later\r\nclarified that they condemn the war and deny being the allies of any government. Shortly after, a security\r\nresearcher released 13 months of sensitive data against the Russian nation-state actor. The data includes\r\nchat logs between the members of Conti and their victims with a bitcoin address, and it also contains\r\nmanuals on the deployment of Cobalt Strike. \r\n28th February, 2022\r\nUkraine called upon cyber security experts and specialists to launch attacks against Russia. Amid the\r\nRussian-Ukrainian cyber warfare, both entities have been on the offensive; Russia’s invasion of Ukraine is\r\nnot only on the ground. As a response, Ukraine is recruiting white hat hacktivists to create an “IT Army,” as\r\nsaid by Ukraine’s Minister for Digital Transformation Mykhaylo Fedorov. \r\nAnonymous, a hacktivist and activist collective, has declared its support for Ukraine in this ongoing cyber\r\nwar. In doing so, they have disabled Russian websites such as http://kremlin.ru/ and other government\r\nportals. In addition to this, the group also took down RT News and leaked 200GB of emails between\r\nBelarusian weapons maker Tetraedr and Russia. The collective also hacked Russian TV channels, played\r\nthe Ukrainian national anthem on them, and also showed uncensored news of what was happening in\r\nUkraine.\r\n1st March, 2022\r\nTrojan.Killdisk – a new disk-wiping malware – was discovered by security researchers. HermeticWiper\r\n(Trojan.Killdisk) is interestingly digitally signed by a certificate issued to Hermetica Digital Ltd (the origin\r\nof the name). The wiper attacks were targeted towards Ukraine in support of the Russian invasion, and\r\nthese signatures can also be seen in attacks in Lithuania. Targeted sectors are aviation, defense, IT services,\r\nand the financial sector. 
\r\nUNC1151 – a Minsk-based threat group – has been targeting Ukrainian government officials and\r\nmilitary personnel with mass phishing emails. After the account is compromised, the attackers use the\r\nIMAP protocol to get access to all the messages. Later, the attackers use contact details from the victim’s\r\naddress book to send the phishing emails.\r\n2nd March, 2022\r\nAnonymous Collective performed DDoS attacks on many Russian websites, government entities, and\r\ntelevision networks. The latest attack by the Anonymous-linked group Network Battalion 65 was on the\r\nRussian Nuclear Institute. The group released 40,000 files from the institute online. \r\nAfter HermeticWiper, another data-wiper to hit Ukraine was the IsaacWiper, which is less sophisticated\r\nthan HermeticWiper but may be related to it. The wiper enumerates the physical and logical drives and\r\nthen recursively wipes the files off of each disk. This new version of the data-wiper also contains debug\r\nlogs. \r\n9th March, 2022\r\nAPT28 – aka FancyBear, a Russian-linked threat actor – has carried out massive credential phishing\r\nattempts targeting ukr.net users. UkrNet is a Ukrainian media organization. The phishing emails were sent\r\nfrom a significant number of hacked accounts (other than Google/Gmail) and include links to attacker-controlled domains.\r\nUNC1151 – a Minsk-based threat group – targeted Ukrainian government officials and military\r\norganizations with mass phishing emails. The attackers use contact details from the victim’s address book\r\nto send phishing emails.\r\nMustang Panda, a Chinese threat actor group, has taken advantage of the Russian-Ukrainian cyberwarfare\r\nby deploying the virus Ukraine.exe.\r\n15th March, 2022\r\nCaddyWiper is another destructive data wiper suspected to be targeting Ukraine. 
\r\n16th March, 2022\r\nRussian Nation-State threat actors have started exploiting default MFA protocols and the PrintNightmare\r\n(CVE-2021-34527) vulnerability to run arbitrary code with elevated privileges. \r\n17th March, 2022\r\nSidewinder Group has been actively targeting the Government of Pakistan via phishing emails, dropping\r\nmalicious Word documents which enable macros when downloaded and executed. The malicious file\r\nsuspected of being used as an attachment has the name “FOCUSED TALK ON RUSSIAN UKRAINE\r\nCONFLICT.docx”.\r\nHow Can We Help?\r\nRewterz is offering contextualized Threat Intelligence with Indicators, remediations, and\r\nrecommendations that will lead to a stronger security posture in this present cyberwar.\r\nRewterz also provides customers with unparalleled insight to accelerate incident detection and response\r\nwith our expert intelligence.\r\nRewterz’s Threat Intelligence Analysts deliver sector and region-specific reports, threat alerts, and insights that\r\nwill help shape your cybersecurity infrastructure.\r\nRewterz also offers rapid threat analysis, triage, contextualization, and correlation for insight into your\r\nspecific risk profile. \r\nWe are reaching out to let you know our entire organization is on high alert and that we are assisting our\r\ncustomers and the community in any way possible. \r\nTherefore, through our Threat Intelligence, Threat Hunting, and SOC services, we are making numerous\r\ncomplementary tools accessible to aid the larger global community.\r\nReferences\r\nGerden, E. (2022). Russian IT market growing steadily after the pandemic. Retrieved 27 October 2021, from\r\nhttps://www.computerweekly.com/news/252508694/Russian-IT-market-growing-steadily-after-pandemic \r\nGewirtz, D. (2022). How to avoid being unwillingly drafted as a cyber combatant in the Russia-Ukraine war |\r\nZDNet. 
Retrieved 25 February 2022, from https://www.zdnet.com/article/how-to-avoid-being-unwillingly-drafted-as-a-cyber-combatant-in-the-russia-ukraine-war/ \r\nR. Kolbe, P., Zabierek, L., \u0026 Morrow, M. (2022). The Cybersecurity Risks of an Escalating Russia-Ukraine\r\nConflict. Retrieved 18 February 2022, from https://hbr.org/2022/02/the-cybersecurity-risks-of-an-escalating-russia-ukraine-conflict \r\nRewterz Threat Alert – APT Mustang Panda – Active IOCs – Russian-Ukrainian Cyber Warfare | | Rewterz.\r\n(2022). Retrieved 1 March 2022, from https://rewterz.com/rewterz-news/rewterz-threat-alert-apt-mustang-panda-active-iocs-russian-ukrainian-cyber-warfare \r\nSADOWSKI, J., \u0026 HALL, R. (2022). Responses to Russia’s Invasion of Ukraine Likely to Spur Retaliation |\r\nMandiant. Retrieved 4 March 2022, from https://www.mandiant.com/resources/russia-invasion-ukraine-retaliation \r\nSource: https://www.rewterz.com/articles/russian-ukrainian-cyber-warfare-rewterz-threat-intelligence-rollup",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://www.rewterz.com/articles/russian-ukrainian-cyber-warfare-rewterz-threat-intelligence-rollup"
	],
	"report_names": [
		"russian-ukrainian-cyber-warfare-rewterz-threat-intelligence-rollup"
	],
	"threat_actors": [
		{
			"id": "f29188d8-2750-4099-9199-09a516c58314",
			"created_at": "2025-08-07T02:03:25.068489Z",
			"updated_at": "2026-04-10T02:00:03.827361Z",
			"deleted_at": null,
			"main_name": "MOONSCAPE",
			"aliases": [
				"TA445 ",
				"UAC-0051 ",
				"UNC1151 "
			],
			"source_name": "Secureworks:MOONSCAPE",
			"tools": [],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "6d1762e8-c48c-4fda-b4d1-ecb91179720e",
			"created_at": "2022-10-25T16:07:24.55351Z",
			"updated_at": "2026-04-10T02:00:05.031489Z",
			"deleted_at": null,
			"main_name": "Salty Spider",
			"aliases": [],
			"source_name": "ETDA:Salty Spider",
			"tools": [
				"Kookoo",
				"Kukacka",
				"Kuku",
				"SalLoad",
				"SaliCode",
				"Sality"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "9fe7fd84-e2b4-4db5-9c90-c4a5791d3f94",
			"created_at": "2023-01-06T13:46:38.904178Z",
			"updated_at": "2026-04-10T02:00:03.14055Z",
			"deleted_at": null,
			"main_name": "SALTY SPIDER",
			"aliases": [],
			"source_name": "MISPGALAXY:SALTY SPIDER",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "8754f54b-7154-4996-b065-94f04f846022",
			"created_at": "2023-11-07T02:00:07.095161Z",
			"updated_at": "2026-04-10T02:00:03.405596Z",
			"deleted_at": null,
			"main_name": "NB65",
			"aliases": [
				"Network Battalion 65"
			],
			"source_name": "MISPGALAXY:NB65",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "119c8bea-816e-4799-942b-ff375026671e",
			"created_at": "2022-10-25T16:07:23.957309Z",
			"updated_at": "2026-04-10T02:00:04.807212Z",
			"deleted_at": null,
			"main_name": "Operation Ghostwriter",
			"aliases": [
				"DEV-0257",
				"Operation Asylum Ambuscade",
				"PUSHCHA",
				"Storm-0257",
				"TA445",
				"UAC-0051",
				"UAC-0057",
				"UNC1151",
				"White Lynx"
			],
			"source_name": "ETDA:Operation Ghostwriter",
			"tools": [
				"Agentemis",
				"Cobalt Strike",
				"CobaltStrike",
				"HALFSHELL",
				"Impacket",
				"RADIOSTAR",
				"VIDEOKILLER",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b69037ec-2605-4de4-bb32-a20d780a8406",
			"created_at": "2023-01-06T13:46:38.790766Z",
			"updated_at": "2026-04-10T02:00:03.101635Z",
			"deleted_at": null,
			"main_name": "MUSTANG PANDA",
			"aliases": [
				"Stately Taurus",
				"LuminousMoth",
				"TANTALUM",
				"Twill Typhoon",
				"TEMP.HEX",
				"Earth Preta",
				"Polaris",
				"BRONZE PRESIDENT",
				"HoneyMyte",
				"Red Lich",
				"TA416"
			],
			"source_name": "MISPGALAXY:MUSTANG PANDA",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d0c0a5ea-3066-42a5-846c-b13527f64a3e",
			"created_at": "2023-01-06T13:46:39.080551Z",
			"updated_at": "2026-04-10T02:00:03.206572Z",
			"deleted_at": null,
			"main_name": "RAZOR TIGER",
			"aliases": [
				"APT-C-17",
				"T-APT-04",
				"SideWinder"
			],
			"source_name": "MISPGALAXY:RAZOR TIGER",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "8a33d3ac-14ba-441c-92c1-39975e9e1a73",
			"created_at": "2023-01-06T13:46:39.195689Z",
			"updated_at": "2026-04-10T02:00:03.243054Z",
			"deleted_at": null,
			"main_name": "Ghostwriter",
			"aliases": [
				"UAC-0057",
				"UNC1151",
				"TA445",
				"PUSHCHA",
				"Storm-0257",
				"DEV-0257"
			],
			"source_name": "MISPGALAXY:Ghostwriter",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6daadf00-952c-408a-89be-aa490d891743",
			"created_at": "2025-08-07T02:03:24.654882Z",
			"updated_at": "2026-04-10T02:00:03.645565Z",
			"deleted_at": null,
			"main_name": "BRONZE PRESIDENT",
			"aliases": [
				"Earth Preta ",
				"HoneyMyte ",
				"Mustang Panda ",
				"Red Delta ",
				"Red Lich ",
				"Stately Taurus ",
				"TA416 ",
				"Temp.Hex ",
				"Twill Typhoon "
			],
			"source_name": "Secureworks:BRONZE PRESIDENT",
			"tools": [
				"BlueShell",
				"China Chopper",
				"Claimloader",
				"Cobalt Strike",
				"HIUPAN",
				"ORat",
				"PTSOCKET",
				"PUBLOAD",
				"PlugX",
				"RCSession",
				"TONESHELL",
				"TinyNote"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "730dfa6e-572d-473c-9267-ea1597d1a42b",
			"created_at": "2023-01-06T13:46:38.389985Z",
			"updated_at": "2026-04-10T02:00:02.954105Z",
			"deleted_at": null,
			"main_name": "APT28",
			"aliases": [
				"Pawn Storm",
				"ATK5",
				"Fighting Ursa",
				"Blue Athena",
				"TA422",
				"T-APT-12",
				"APT-C-20",
				"UAC-0001",
				"IRON TWILIGHT",
				"SIG40",
				"UAC-0028",
				"Sofacy",
				"BlueDelta",
				"Fancy Bear",
				"GruesomeLarch",
				"Group 74",
				"ITG05",
				"FROZENLAKE",
				"Forest Blizzard",
				"FANCY BEAR",
				"Sednit",
				"SNAKEMACKEREL",
				"Tsar Team",
				"TG-4127",
				"STRONTIUM",
				"Grizzly Steppe",
				"G0007"
			],
			"source_name": "MISPGALAXY:APT28",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6b9fc913-06c6-4432-8c58-86a3ac614564",
			"created_at": "2022-10-25T16:07:24.185236Z",
			"updated_at": "2026-04-10T02:00:04.893541Z",
			"deleted_at": null,
			"main_name": "SideWinder",
			"aliases": [
				"APT-C-17",
				"APT-Q-39",
				"BabyElephant",
				"G0121",
				"GroupA21",
				"HN2",
				"Hardcore Nationalist",
				"Rattlesnake",
				"Razor Tiger",
				"SideWinder",
				"T-APT-04"
			],
			"source_name": "ETDA:SideWinder",
			"tools": [
				"BroStealer",
				"Capriccio RAT",
				"callCam"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "9baa7519-772a-4862-b412-6f0463691b89",
			"created_at": "2022-10-25T15:50:23.354429Z",
			"updated_at": "2026-04-10T02:00:05.310361Z",
			"deleted_at": null,
			"main_name": "Mustang Panda",
			"aliases": [
				"Mustang Panda",
				"TA416",
				"RedDelta",
				"BRONZE PRESIDENT",
				"STATELY TAURUS",
				"FIREANT",
				"CAMARO DRAGON",
				"EARTH PRETA",
				"HIVE0154",
				"TWILL TYPHOON",
				"TANTALUM",
				"LUMINOUS MOTH",
				"UNC6384",
				"TEMP.Hex",
				"Red Lich"
			],
			"source_name": "MITRE:Mustang Panda",
			"tools": [
				"CANONSTAGER",
				"STATICPLUGIN",
				"ShadowPad",
				"TONESHELL",
				"Cobalt Strike",
				"HIUPAN",
				"Impacket",
				"SplatCloak",
				"PAKLOG",
				"Wevtutil",
				"AdFind",
				"CLAIMLOADER",
				"Mimikatz",
				"PUBLOAD",
				"StarProxy",
				"CorKLOG",
				"RCSession",
				"NBTscan",
				"PoisonIvy",
				"SplatDropper",
				"China Chopper",
				"PlugX"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "2ee03999-5432-4a65-a850-c543b4fefc3d",
			"created_at": "2022-10-25T16:07:23.882813Z",
			"updated_at": "2026-04-10T02:00:04.776949Z",
			"deleted_at": null,
			"main_name": "Mustang Panda",
			"aliases": [
				"Bronze President",
				"Camaro Dragon",
				"Earth Preta",
				"G0129",
				"Hive0154",
				"HoneyMyte",
				"Mustang Panda",
				"Operation SMUGX",
				"Operation SmugX",
				"PKPLUG",
				"Red Lich",
				"Stately Taurus",
				"TEMP.Hex",
				"Twill Typhoon"
			],
			"source_name": "ETDA:Mustang Panda",
			"tools": [
				"9002 RAT",
				"AdFind",
				"Agent.dhwf",
				"Agentemis",
				"CHINACHOPPER",
				"China Chopper",
				"Chymine",
				"ClaimLoader",
				"Cobalt Strike",
				"CobaltStrike",
				"DCSync",
				"DOPLUGS",
				"Darkmoon",
				"Destroy RAT",
				"DestroyRAT",
				"Farseer",
				"Gen:Trojan.Heur.PT",
				"HOMEUNIX",
				"Hdump",
				"HenBox",
				"HidraQ",
				"Hodur",
				"Homux",
				"HopperTick",
				"Hydraq",
				"Impacket",
				"Kaba",
				"Korplug",
				"LadonGo",
				"MQsTTang",
				"McRAT",
				"MdmBot",
				"Mimikatz",
				"NBTscan",
				"NetSess",
				"Netview",
				"Orat",
				"POISONPLUG.SHADOW",
				"PUBLOAD",
				"PVE Find AD Users",
				"PlugX",
				"Poison Ivy",
				"PowerView",
				"QMAGENT",
				"RCSession",
				"RedDelta",
				"Roarur",
				"SPIVY",
				"ShadowPad Winnti",
				"SinoChopper",
				"Sogu",
				"TIGERPLUG",
				"TONEINS",
				"TONESHELL",
				"TVT",
				"TeamViewer",
				"Thoper",
				"TinyNote",
				"WispRider",
				"WmiExec",
				"XShellGhost",
				"Xamtrav",
				"Zupdax",
				"cobeacon",
				"nbtscan",
				"nmap",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e3767160-695d-4360-8b2e-d5274db3f7cd",
			"created_at": "2022-10-25T16:47:55.914348Z",
			"updated_at": "2026-04-10T02:00:03.610018Z",
			"deleted_at": null,
			"main_name": "IRON TWILIGHT",
			"aliases": [
				"APT28 ",
				"ATK5 ",
				"Blue Athena ",
				"BlueDelta ",
				"FROZENLAKE ",
				"Fancy Bear ",
				"Fighting Ursa ",
				"Forest Blizzard ",
				"GRAPHITE ",
				"Group 74 ",
				"PawnStorm ",
				"STRONTIUM ",
				"Sednit ",
				"Snakemackerel ",
				"Sofacy ",
				"TA422 ",
				"TG-4127 ",
				"Tsar Team ",
				"UAC-0001 "
			],
			"source_name": "Secureworks:IRON TWILIGHT",
			"tools": [
				"Downdelph",
				"EVILTOSS",
				"SEDUPLOADER",
				"SHARPFRONT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "ae320ed7-9a63-42ed-944b-44ada7313495",
			"created_at": "2022-10-25T15:50:23.671663Z",
			"updated_at": "2026-04-10T02:00:05.283292Z",
			"deleted_at": null,
			"main_name": "APT28",
			"aliases": [
				"APT28",
				"IRON TWILIGHT",
				"SNAKEMACKEREL",
				"Group 74",
				"Sednit",
				"Sofacy",
				"Pawn Storm",
				"Fancy Bear",
				"STRONTIUM",
				"Tsar Team",
				"Threat Group-4127",
				"TG-4127",
				"Forest Blizzard",
				"FROZENLAKE",
				"GruesomeLarch"
			],
			"source_name": "MITRE:APT28",
			"tools": [
				"Wevtutil",
				"certutil",
				"Forfiles",
				"DealersChoice",
				"Mimikatz",
				"ADVSTORESHELL",
				"Komplex",
				"HIDEDRV",
				"JHUHUGIT",
				"Koadic",
				"Winexe",
				"cipher.exe",
				"XTunnel",
				"Drovorub",
				"CORESHELL",
				"OLDBAIT",
				"Downdelph",
				"XAgentOSX",
				"USBStealer",
				"Zebrocy",
				"reGeorg",
				"Fysbis",
				"LoJax"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "173f1641-36e3-4bce-9834-c5372468b4f7",
			"created_at": "2022-10-25T15:50:23.349637Z",
			"updated_at": "2026-04-10T02:00:05.3486Z",
			"deleted_at": null,
			"main_name": "Sidewinder",
			"aliases": [
				"Sidewinder",
				"T-APT-04"
			],
			"source_name": "MITRE:Sidewinder",
			"tools": [
				"Koadic"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434779,
	"ts_updated_at": 1775792240,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0116715c2542cd0e926d98066836aa26bb11f717.pdf",
		"text": "https://archive.orkl.eu/0116715c2542cd0e926d98066836aa26bb11f717.txt",
		"img": "https://archive.orkl.eu/0116715c2542cd0e926d98066836aa26bb11f717.jpg"
	}
}