{ "id": "f76c0b71-f9a0-4d3f-a146-d51ea9adb105", "created_at": "2026-04-06T00:19:28.165972Z", "updated_at": "2026-04-10T03:35:34.627851Z", "deleted_at": null, "sha1_hash": "22ed0cb7119729ec80484cb796f3ec84b14062bf", "title": "RagnarLocker (Malware Family)", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 160156, "plain_text": "RagnarLocker (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 13:37:35 UTC\r\nThere is no description at this point.\r\n2023-12-22 ⋅ PRODAFT ⋅\r\nSmoke and Mirrors: Understanding The Workings of Wazawaka\r\nConti Monti Babuk Hive LockBit RagnarLocker Trigona 2023-10-20 ⋅ TechCrunch ⋅ Carly Page\r\nAuthorities confirm RagnarLocker ransomware taken down during international sting\r\nRagnarLocker RagnarLocker 2023-03-30 ⋅ United States District Court (Eastern District of New York) ⋅ Fortra, HEALTH-ISAC,\r\nMicrosoft\r\nCracked Cobalt Strike (1:23-cv-02447)\r\nBlack Basta BlackCat LockBit RagnarLocker LockBit Black Basta BlackCat Cobalt Strike Cuba Emotet LockBit\r\nMount Locker PLAY QakBot RagnarLocker Royal Ransom Zloader 2022-06-23 ⋅ Kaspersky ⋅ Danila Nasonov, Natalya\r\nShornikova, Nikita Nazarov, Vasily Davydov, Vladislav Burtsev\r\nThe hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs (Download Form)\r\nBlackByte BlackCat Clop Conti Hive LockBit Mespinoza RagnarLocker 2022-05-05 ⋅ Intel 471 ⋅ Intel 471\r\nCybercrime loves company: Conti cooperated with other ransomware gangs\r\nLockBit Maze RagnarLocker Ryuk 2022-05-01 ⋅ BushidoToken ⋅ BushidoToken\r\nGamer Cheater Hacker Spy\r\nEgregor HelloKitty NetfilterRootkit RagnarLocker Winnti 2022-03-17 ⋅ Sophos ⋅ Tilly Travers\r\nThe Ransomware Threat Intelligence Center\r\nATOMSILO Avaddon AvosLocker BlackKingdom Ransomware BlackMatter Conti Cring DarkSide dearcry\r\nDharma Egregor Entropy Epsilon Red Gandcrab Karma LockBit LockFile Mailto Maze Nefilim RagnarLocker\r\nRagnarok REvil RobinHood Ryuk SamSam Snatch WannaCryptor WastedLocker 2022-03-09 ⋅ The Register ⋅ Jessica\r\nLyons Hardcastle\r\nRagnar ransomware gang hit 52 critical US orgs, says FBI\r\nRagnarLocker 2022-03-09 ⋅ Cyware ⋅ Cyware\r\nRagnar Locker Breached 52 Organizations and Counting, FBI Warns\r\nRagnarLocker 2022-03-07 ⋅ FBI ⋅ FBI\r\nFBI Flash CU-000163-MW: RagnarLocker Ransomware Indicators of Compromise\r\nRagnarLocker 2022-03-07 ⋅ Bleeping Computer ⋅ Sergiu Gatlan\r\nFBI: Ransomware gang breached 52 US critical infrastructure orgs\r\nRagnarLocker 2022-02-28 ⋅ Trellix ⋅ Taylor Mullins\r\nTrellix Global Defenders: Analysis and Protections for RagnarLocker Ransomware\r\nRagnarLocker RagnarLocker 2022-01-20 ⋅ Cybleinc ⋅ Cyble\r\nDeep Dive Into Ragnar_locker Ransomware Gang\r\nRagnarLocker 2021-10-11 ⋅ Accenture ⋅ Accenture Cyber Threat Intelligence\r\nMoving Left of the Ransomware Boom\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.ragnarlocker\r\nPage 1 of 4\n\nREvil Cobalt Strike MimiKatz RagnarLocker REvil 2021-08-19 ⋅ Seguranca Informatica ⋅ Pedro Tavares\r\nRagnar Locker – Malware analysis\r\nRagnarLocker 2021-08-15 ⋅ Symantec ⋅ Threat Hunter Team\r\nThe Ransomware Threat\r\nBabuk BlackMatter DarkSide Avaddon Babuk BADHATCH BazarBackdoor BlackMatter Clop Cobalt Strike\r\nConti DarkSide DoppelPaymer Egregor Emotet FiveHands FriedEx Hades IcedID LockBit Maze MegaCortex\r\nMimiKatz QakBot RagnarLocker REvil Ryuk TrickBot WastedLocker 2021-06-12 ⋅ Twitter (@AltShiftPrtScn) ⋅ Peter\r\nMackenzie\r\nA thread on RagnarLocker ransomware group's TTP seen in an Incident Response\r\nCobalt Strike RagnarLocker 2021-05-10 ⋅ DarkTracer ⋅ DarkTracer\r\nIntelligence Report on Ransomware Gangs on the DarkWeb: List of victim organizations attacked by ransomware\r\ngangs released on the DarkWeb\r\nRansomEXX Avaddon Babuk Clop Conti Cuba DarkSide DoppelPaymer Egregor Hades LockBit Mailto Maze\r\nMedusaLocker Mespinoza Mount Locker Nefilim Nemty Pay2Key PwndLocker RagnarLocker Ragnarok\r\nRansomEXX REvil Sekhmet SunCrypt ThunderX 2021-05-06 ⋅ Cyborg Security ⋅ Brandon Denker\r\nRansomware: Hunting for Inhibiting System Backup or Recovery\r\nAvaddon Conti DarkSide LockBit Mailto Maze Mespinoza Nemty PwndLocker RagnarLocker RansomEXX\r\nREvil Ryuk Snatch ThunderX 2021-04-13 ⋅ CAPCOM ⋅ CAPCOM\r\n4th Update Regarding Data Security Incident Due to Unauthorized Access:Investigation Results\r\nRagnarLocker 2021-04-12 ⋅ ilbaroni\r\nUnpacking RAGNARLOCKER via emulation\r\nRagnarLocker 2021-04-07 ⋅ ANALYST1 ⋅ Jon DiMaggio\r\nRansom Mafia Analysis of the World's First Ransomware Cartel\r\nConti Egregor LockBit Maze RagnarLocker Ryuk SunCrypt TA2101 VIKING SPIDER 2021-04-07 ⋅ ANALYST1 ⋅\r\nJon DiMaggio\r\nRansom Mafia - Analysis of the World's First Ransomware Cartel\r\nConti Egregor LockBit Maze RagnarLocker SunCrypt VIKING SPIDER 2021-02-23 ⋅ CrowdStrike ⋅ CrowdStrike\r\n2021 Global Threat Report\r\nRansomEXX Amadey Anchor Avaddon BazarBackdoor Clop Cobalt Strike Conti Cutwail DanaBot DarkSide\r\nDoppelPaymer Dridex Egregor Emotet Hakbit IcedID JSOutProx KerrDown LockBit Mailto Maze MedusaLocker\r\nMespinoza Mount Locker NedDnLoader Nemty Pay2Key PlugX Pushdo PwndLocker PyXie QakBot Quasar RAT\r\nRagnarLocker Ragnarok RansomEXX REvil Ryuk Sekhmet ShadowPad SmokeLoader Snake SUNBURST\r\nSunCrypt TEARDROP TrickBot WastedLocker Winnti Zloader Evilnum OUTLAW SPIDER RIDDLE SPIDER\r\nSOLAR SPIDER VIKING SPIDER 2021-02-03 ⋅ Sophos Managed Threat Response (MTR) ⋅ Greg Iddon\r\nMTR casebook: Uncovering a backdoor implant in a SolarWinds Orion server\r\nRagnarLocker 2021-01-01 ⋅ Acronis ⋅ Acronis Security\r\nAnalysis of Ragnar Locker Ransomware\r\nRagnarLocker 2020-12-16 ⋅ Accenture ⋅ Paul Mansfield\r\nTracking and combatting an evolving danger: Ransomware extortion\r\nDarkSide Egregor Maze Nefilim RagnarLocker REvil Ryuk SunCrypt 2020-11-19 ⋅ FBI ⋅ FBI\r\nMU-000140-MW: Indicators of Compromise Associated with Ragnar Locker Ransomware\r\nRagnarLocker 2020-11-16 ⋅ Intel 471 ⋅ Intel 471\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.ragnarlocker\r\nPage 2 of 4\n\nRansomware-as-a-service: The pandemic within a pandemic\r\nAvaddon Clop Conti DoppelPaymer Egregor Hakbit Mailto Maze Mespinoza RagnarLocker REvil Ryuk\r\nSunCrypt ThunderX 2020-11-11 ⋅ Kaspersky Labs ⋅ Dmitry Bestuzhev, Fedor Sinitsyn\r\nTargeted ransomware: it’s not just about encrypting your data! Part 1 - “Old and New Friends”\r\nEgregor Maze RagnarLocker 2020-11-10 ⋅ KrebsOnSecurity ⋅ Brian Krebs\r\nRansomware Group Turns to Facebook Ads\r\nRagnarLocker 2020-11-05 ⋅ Bleeping Computer ⋅ Lawrence Abrams\r\nCapcom hit by Ragnar Locker ransomware, 1TB allegedly stolen\r\nRagnarLocker 2020-11-05 ⋅ ZDNet ⋅ Charlie Osborne\r\nCapcom quietly discloses cyberattack impacting email, file servers\r\nRagnarLocker 2020-11-05 ⋅ Bleeping Computer ⋅ Lawrence Abrams\r\nJapanese game dev Capcom hit by cyberattack, business impacted\r\nRagnarLocker 2020-10-23 ⋅ Hornetsecurity ⋅ Hornetsecurity Security Lab\r\nLeakware-Ransomware-Hybrid Attacks\r\nAvaddon Clop Conti DarkSide DoppelPaymer Mailto Maze Mespinoza Nefilim RagnarLocker REvil Sekhmet\r\nSunCrypt 2020-09-25 ⋅ CrowdStrike ⋅ The Crowdstrike Intel Team\r\nDouble Trouble: Ransomware with Data Leak Extortion, Part 1\r\nDoppelPaymer FriedEx LockBit Maze MedusaLocker RagnarLocker REvil RobinHood SamSam WastedLocker\r\nMIMIC SPIDER PIZZO SPIDER TA2101 VIKING SPIDER 2020-09-24 ⋅ CrowdStrike ⋅ CrowdStrike Intelligence Team\r\nDouble Trouble: Ransomware with Data Leak Extortion, Part 1\r\nDoppelPaymer Gandcrab LockBit Maze MedusaLocker RagnarLocker SamSam OUTLAW SPIDER\r\nOVERLORD SPIDER 2020-09-24 ⋅ Kaspersky Labs ⋅ Kaspersky Lab ICS CERT\r\nThreat landscape for industrial automation systems - H1 2020\r\nPoet RAT Mailto Milum RagnarLocker REvil Ryuk Snake 2020-08-25 ⋅ KELA ⋅ Victoria Kivilevich\r\nHow Ransomware Gangs Find New Monetization Schemes and Evolve in Marketing\r\nAvaddon Clop DarkSide DoppelPaymer Mailto Maze MedusaLocker Mespinoza Nefilim RagnarLocker REvil\r\nSekhmet 2020-07-30 ⋅ WILDIRE LABS ⋅ WILDFIRE LABS\r\nDissecting Ragnar Locker: The Case Of EDP\r\nRagnarLocker 2020-06-09 ⋅ McAfee ⋅ Alexandre Mundo\r\nRagnarLocker Ransomware Threatens to Release Confidential Information\r\nRagnarLocker 2020-05-21 ⋅ Sophos ⋅ SophosLabs Uncut\r\nRagnar Locker ransomware deploys virtual machine to dodge security\r\nRagnarLocker 2020-04-28 ⋅ Microsoft ⋅ Microsoft Threat Protection Intelligence Team\r\nRansomware groups continue to target healthcare, critical services; here’s how to reduce risk\r\nLockBit Mailto Maze MedusaLocker Paradise RagnarLocker REvil RobinHood 2020-04-14 ⋅ Bleeping Computer ⋅\r\nSergiu Gatlan\r\nRagnarLocker ransomware hits EDP energy giant, asks for €10M\r\nRagnarLocker 2020-02-04 ⋅ ⋅ ID Ransomware ⋅ Andrew Ivanov\r\nRagnarLocker Ransomware\r\nRagnarLocker\r\n[TLP:WHITE] win_ragnarlocker_auto (20251219 | Detects win.ragnarlocker.)\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.ragnarlocker\r\nPage 3 of 4\n\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.ragnarlocker\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.ragnarlocker\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://malpedia.caad.fkie.fraunhofer.de/details/win.ragnarlocker" ], "report_names": [ "win.ragnarlocker" ], "threat_actors": [ { "id": "059b16f8-d4e0-4399-9add-18101a2fd298", "created_at": "2022-10-25T15:50:23.29434Z", "updated_at": "2026-04-10T02:00:05.380938Z", "deleted_at": null, "main_name": "Evilnum", "aliases": [ "Evilnum" ], "source_name": "MITRE:Evilnum", "tools": [ "More_eggs", "EVILNUM", "LaZagne" ], "source_id": "MITRE", "reports": null }, { "id": "99d9dd87-91c3-4371-9943-0a1c9c3cd99c", "created_at": "2022-10-25T16:07:23.277763Z", "updated_at": "2026-04-10T02:00:04.514755Z", "deleted_at": null, "main_name": "Solar Spider", "aliases": [], "source_name": "ETDA:Solar Spider", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "8670f370-1865-4264-9a1b-0dfe7617c329", "created_at": "2022-10-25T16:07:23.69953Z", "updated_at": "2026-04-10T02:00:04.716126Z", "deleted_at": null, "main_name": "Hades", "aliases": [ "Operation TrickyMouse" ], "source_name": "ETDA:Hades", "tools": [ "Brave Prince", "Gold Dragon", "GoldDragon", "Lovexxx", "Olympic Destroyer", "Running RAT", "RunningRAT", "SOURGRAPE", "running_rat" ], "source_id": "ETDA", "reports": null }, { "id": "6f37e16f-64b2-4b9c-b5b4-08d0884660eb", "created_at": "2022-10-25T16:07:24.380872Z", "updated_at": "2026-04-10T02:00:04.966462Z", "deleted_at": null, "main_name": "Viking Spider", "aliases": [], "source_name": "ETDA:Viking Spider", "tools": [ "Ragnar Locker", "RagnarLocker" ], "source_id": "ETDA", "reports": null }, { "id": "610a7295-3139-4f34-8cec-b3da40add480", "created_at": "2023-01-06T13:46:38.608142Z", "updated_at": "2026-04-10T02:00:03.03764Z", "deleted_at": null, "main_name": "Cobalt", "aliases": [ "Cobalt Group", "Cobalt Gang", "GOLD KINGSWOOD", "COBALT SPIDER", "G0080", "Mule Libra" ], "source_name": "MISPGALAXY:Cobalt", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "b57a3b93-3a22-4889-af28-37cc53e824e7", "created_at": "2023-01-06T13:46:39.24034Z", "updated_at": "2026-04-10T02:00:03.256906Z", "deleted_at": null, "main_name": "MIMIC SPIDER", "aliases": [], "source_name": "MISPGALAXY:MIMIC SPIDER", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "25758a84-d695-44e7-9cd5-3c6e999ce6c0", "created_at": "2023-01-06T13:46:39.237624Z", "updated_at": "2026-04-10T02:00:03.255835Z", "deleted_at": null, "main_name": "OUTLAW SPIDER", "aliases": [], "source_name": "MISPGALAXY:OUTLAW SPIDER", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "38e9c8e3-38f8-4500-8c5c-8349b3e9a998", "created_at": "2023-01-06T13:46:39.207556Z", "updated_at": "2026-04-10T02:00:03.246557Z", "deleted_at": null, "main_name": "RIDDLE SPIDER", "aliases": [], "source_name": "MISPGALAXY:RIDDLE SPIDER", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "e227b757-7032-4a99-b119-1bfda2ebd543", "created_at": "2023-01-06T13:46:39.21663Z", "updated_at": "2026-04-10T02:00:03.248543Z", "deleted_at": null, "main_name": "SOLAR SPIDER", "aliases": [], "source_name": "MISPGALAXY:SOLAR SPIDER", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "a9db5b93-dd22-4e33-9012-3650745266ee", "created_at": "2023-01-06T13:46:39.234575Z", "updated_at": "2026-04-10T02:00:03.254853Z", "deleted_at": null, "main_name": "OVERLORD SPIDER", "aliases": [], "source_name": "MISPGALAXY:OVERLORD SPIDER", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "e9f85280-337c-4321-b872-0919f8ef64a6", "created_at": "2022-10-25T16:07:24.261761Z", "updated_at": "2026-04-10T02:00:04.914455Z", "deleted_at": null, "main_name": "TA2101", "aliases": [ "Gold Village", "Maze Team", "TA2101", "Twisted Spider" ], "source_name": "ETDA:TA2101", "tools": [ "7-Zip", "Agentemis", "BokBot", "Buran", "ChaCha", "Cobalt Strike", "CobaltStrike", "Egregor", "IceID", "IcedID", "Mimikatz", "PsExec", "SharpHound", "VegaLocker", "WinSCP", "cobeacon", "nmap" ], "source_id": "ETDA", "reports": null }, { "id": "b4ec06e5-60c9-4796-9f85-129c77d1652b", "created_at": "2023-01-06T13:46:39.21956Z", "updated_at": "2026-04-10T02:00:03.249407Z", "deleted_at": null, "main_name": "VIKING SPIDER", "aliases": [], "source_name": "MISPGALAXY:VIKING SPIDER", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "4e453d66-9ecd-47d9-b63a-32fa5450f071", "created_at": "2024-06-19T02:03:08.077075Z", "updated_at": "2026-04-10T02:00:03.830523Z", "deleted_at": null, "main_name": "GOLD LOTUS", "aliases": [ "BlackByte", "Hecamede " ], "source_name": "Secureworks:GOLD LOTUS", "tools": [ "BlackByte", "Cobalt Strike", "ExByte", "Mega", "RDP", "SoftPerfect Network Scanner" ], "source_id": "Secureworks", "reports": null }, { "id": "4d5f939b-aea9-4a0e-8bff-003079a261ea", "created_at": "2023-01-06T13:46:39.04841Z", "updated_at": "2026-04-10T02:00:03.196806Z", "deleted_at": null, "main_name": "APT41", "aliases": [ "WICKED PANDA", "BRONZE EXPORT", "Brass Typhoon", "TG-2633", "Leopard Typhoon", "G0096", "Grayfly", "BARIUM", "BRONZE ATLAS", "Red Kelpie", "G0044", "Earth Baku", "TA415", "WICKED SPIDER", "HOODOO", "Winnti", "Double Dragon" ], "source_name": "MISPGALAXY:APT41", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "75108fc1-7f6a-450e-b024-10284f3f62bb", "created_at": "2024-11-01T02:00:52.756877Z", "updated_at": "2026-04-10T02:00:05.273746Z", "deleted_at": null, "main_name": "Play", "aliases": null, "source_name": "MITRE:Play", "tools": [ "Nltest", "AdFind", "PsExec", "Wevtutil", "Cobalt Strike", "Playcrypt", "Mimikatz" ], "source_id": "MITRE", "reports": null }, { "id": "20c759c2-cd02-45bb-85c6-41bde9e6a7cf", "created_at": "2024-01-18T02:02:34.189827Z", "updated_at": "2026-04-10T02:00:04.721082Z", "deleted_at": null, "main_name": "HomeLand Justice", "aliases": [ "Banished Kitten", "Karma", "Red Sandstorm", "Storm-0842", "Void Manticore" ], "source_name": "ETDA:HomeLand Justice", "tools": [ "BABYWIPER", "BiBi Wiper", "BiBi-Linux Wiper", "BiBi-Windows Wiper", "Cl Wiper", "LowEraser", "No-Justice Wiper", "Plink", "PuTTY Link", "RevSocks", "W2K Res Kit" ], "source_id": "ETDA", "reports": null }, { "id": "2a24d664-6a72-4b4c-9f54-1553b64c453c", "created_at": "2025-08-07T02:03:24.553048Z", "updated_at": "2026-04-10T02:00:03.787296Z", "deleted_at": null, "main_name": "BRONZE ATLAS", "aliases": [ "APT41 ", "BARIUM ", "Blackfly ", "Brass Typhoon", "CTG-2633", "Earth Baku ", "GREF", "Group 72 ", "Red Kelpie ", "TA415 ", "TG-2633 ", "Wicked Panda ", "Winnti" ], "source_name": "Secureworks:BRONZE ATLAS", "tools": [ "Acehash", "CCleaner v5.33 backdoor", "ChinaChopper", "Cobalt Strike", "DUSTPAN", "Dicey MSDN", "Dodgebox", "ForkPlayground", "HUC Proxy Malware (Htran)" ], "source_id": "Secureworks", "reports": null }, { "id": "4e7fd07d-fcc5-459b-b678-45a7d9cda751", "created_at": "2025-04-23T02:00:55.174827Z", "updated_at": "2026-04-10T02:00:05.353712Z", "deleted_at": null, "main_name": "BlackByte", "aliases": [ "BlackByte", "Hecamede" ], "source_name": "MITRE:BlackByte", "tools": [ "AdFind", "BlackByte Ransomware", "Exbyte", "Arp", "BlackByte 2.0 Ransomware", "PsExec", "Cobalt Strike", "Mimikatz" ], "source_id": "MITRE", "reports": null }, { "id": "4e2776db-982d-4c07-8dd5-3888242aa7bc", "created_at": "2023-01-06T13:46:38.437237Z", "updated_at": "2026-04-10T02:00:02.974399Z", "deleted_at": null, "main_name": "PIZZO SPIDER", "aliases": [ "DD4BC", "Ambiorx" ], "source_name": "MISPGALAXY:PIZZO SPIDER", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "8ce861d7-7fbd-4d9c-a211-367c118bfdbd", "created_at": "2023-01-06T13:46:39.153487Z", "updated_at": "2026-04-10T02:00:03.232006Z", "deleted_at": null, "main_name": "Evilnum", "aliases": [ "EvilNum", "Jointworm", "KNOCKOUT SPIDER", "DeathStalker", "TA4563" ], "source_name": "MISPGALAXY:Evilnum", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "c240435e-8863-4e5b-9f47-20c6f5c52131", "created_at": "2022-10-25T16:07:23.253019Z", "updated_at": "2026-04-10T02:00:04.505012Z", "deleted_at": null, "main_name": "Outlaw Spider", "aliases": [], "source_name": "ETDA:Outlaw Spider", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "9639c065-3fa6-432f-9cbd-5708500c4eaa", "created_at": "2022-10-25T16:07:23.255684Z", "updated_at": "2026-04-10T02:00:04.506059Z", "deleted_at": null, "main_name": "Overlord Spider", "aliases": [ "The Dark Overlord" ], "source_name": "ETDA:Overlord Spider", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "c3c864b3-fac9-4d56-8500-7c06c829fbf8", "created_at": "2023-01-06T13:46:39.071873Z", "updated_at": "2026-04-10T02:00:03.203749Z", "deleted_at": null, "main_name": "TA2101", "aliases": [ "GOLD VILLAGE", "Storm-0216", "DEV-0216", "UNC2198", "TUNNEL SPIDER", "Maze Team", "TWISTED SPIDER" ], "source_name": "MISPGALAXY:TA2101", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "39ea99fb-1704-445d-b5cd-81e7c99d6012", "created_at": "2022-10-25T16:07:23.601894Z", "updated_at": "2026-04-10T02:00:04.684134Z", "deleted_at": null, "main_name": "Evilnum", "aliases": [ "G0120", "Jointworm", "Operation Phantom in the [Command] Shell", "TA4563" ], "source_name": "ETDA:Evilnum", "tools": [ "Bypass-UAC", "Cardinal RAT", "ChromeCookiesView", "EVILNUM", "Evilnum", "IronPython", "LaZagne", "MailPassView", "More_eggs", "ProduKey", "PyVil", "PyVil RAT", "SONE", "SpicyOmelette", "StealerOne", "Taurus Loader Stealer Module", "Taurus Loader TeamViewer Module", "Terra Loader", "TerraPreter", "TerraStealer", "TerraTV" ], "source_id": "ETDA", "reports": null }, { "id": "e6148aa7-4347-4444-a2a0-dbbf7c0f121c", "created_at": "2022-10-25T16:07:24.12696Z", "updated_at": "2026-04-10T02:00:04.875073Z", "deleted_at": null, "main_name": "Riddle Spider", "aliases": [ "Avaddon Team" ], "source_name": "ETDA:Riddle Spider", "tools": [ "Avaddon" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434768, "ts_updated_at": 1775792134, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/22ed0cb7119729ec80484cb796f3ec84b14062bf.pdf", "text": "https://archive.orkl.eu/22ed0cb7119729ec80484cb796f3ec84b14062bf.txt", "img": "https://archive.orkl.eu/22ed0cb7119729ec80484cb796f3ec84b14062bf.jpg" } }