{
	"id": "b78578c6-4bb7-447b-a0fb-d9307ab196f5",
	"created_at": "2026-04-06T03:37:59.543692Z",
	"updated_at": "2026-04-10T03:33:51.365435Z",
	"deleted_at": null,
	"sha1_hash": "082aef6bb7355ed09abe139f3e58afb2d91381fb",
	"title": "RogueRobinNET (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 42241,
	"plain_text": "RogueRobinNET (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-06 03:09:47 UTC\r\nwin.roguerobin (Back to overview)\r\nRogueRobinNET\r\nActor(s): DarkHydrus\r\nA .NET variant of ps1.roguerobin\r\nReferences\r\n2021-02-18 ⋅ PTSecurity ⋅ PTSecurity\r\nhttps://www.ptsecurity.com/ww-en/analytics/antisandbox-techniques/\r\nPoet RAT Gravity RAT Ketrican Okrum OopsIE Remcos RogueRobinNET RokRAT SmokeLoader\r\n2019-08-12 ⋅ Kindred Security ⋅ Kindred Security\r\nAn Overview of Public Platform C2’s\r\nHTML5 Encoding LOWBALL Makadocs MiniDuke RogueRobinNET RokRAT\r\n2019-01-16 ⋅ 360.cn ⋅ Qi Anxin\r\nLatest Target Attack of DarkHydruns Group Against Middle East\r\nRogueRobinNET DarkHydrus\r\n2019-01-08 ⋅ Palo Alto Networks: Unit42 ⋅ Bryan Lee, Robert Falcone\r\nDarkHydrus delivers new Trojan that can use Google Drive for C2 communications\r\nRogueRobinNET DarkHydrus\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.roguerobin\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.roguerobin\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.roguerobin"
	],
	"report_names": [
		"win.roguerobin"
	],
	"threat_actors": [
		{
			"id": "6efb28db-4d91-46cb-8ab7-fe9e8449ccfc",
			"created_at": "2023-01-06T13:46:38.772861Z",
			"updated_at": "2026-04-10T02:00:03.095095Z",
			"deleted_at": null,
			"main_name": "DarkHydrus",
			"aliases": [
				"LazyMeerkat",
				"G0079",
				"Obscure Serpens"
			],
			"source_name": "MISPGALAXY:DarkHydrus",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "5b04780e-7b64-4e62-b776-c6749ff7dec8",
			"created_at": "2022-10-25T16:07:23.531741Z",
			"updated_at": "2026-04-10T02:00:04.643562Z",
			"deleted_at": null,
			"main_name": "DarkHydrus",
			"aliases": [
				"ATK 77",
				"DarkHydrus",
				"G0079",
				"LazyMeerkat",
				"Obscure Serpens"
			],
			"source_name": "ETDA:DarkHydrus",
			"tools": [
				"Agentemis",
				"Cobalt Strike",
				"CobaltStrike",
				"Mimikatz",
				"Phishery",
				"RogueRobin",
				"RogueRobinNET",
				"Trojan.Phisherly",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "4fe925e8-95e5-4a63-9f96-4d0f9bedac08",
			"created_at": "2022-10-25T15:50:23.469077Z",
			"updated_at": "2026-04-10T02:00:05.384299Z",
			"deleted_at": null,
			"main_name": "DarkHydrus",
			"aliases": [
				"DarkHydrus"
			],
			"source_name": "MITRE:DarkHydrus",
			"tools": [
				"Mimikatz",
				"RogueRobin",
				"Cobalt Strike"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775446679,
	"ts_updated_at": 1775792031,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/082aef6bb7355ed09abe139f3e58afb2d91381fb.pdf",
		"text": "https://archive.orkl.eu/082aef6bb7355ed09abe139f3e58afb2d91381fb.txt",
		"img": "https://archive.orkl.eu/082aef6bb7355ed09abe139f3e58afb2d91381fb.jpg"
	}
}