{
	"id": "61360727-020e-4750-b395-c60701c94ca0",
	"created_at": "2026-04-06T00:14:00.580602Z",
	"updated_at": "2026-04-10T03:35:58.735459Z",
	"deleted_at": null,
	"sha1_hash": "2f3e7b0d22a4c0494aec46029f35195be2d47356",
	"title": "KOMPROGO (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28518,
	"plain_text": "KOMPROGO (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 16:17:18 UTC\r\nKOMPROGO is a signature backdoor used by APT32 that is capable of process, file, and registry management,\r\ncreating a reverse shell, running WMI queries, and retrieving information about the infected system.\r\n[TLP:WHITE] win_komprogo_auto (20251219 | Detects win.komprogo.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.komprogo\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.komprogo\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.komprogo"
	],
	"report_names": [
		"win.komprogo"
	],
	"threat_actors": [
		{
			"id": "af509bbb-8d18-4903-a9bd-9e94099c6b30",
			"created_at": "2023-01-06T13:46:38.585525Z",
			"updated_at": "2026-04-10T02:00:03.030833Z",
			"deleted_at": null,
			"main_name": "APT32",
			"aliases": [
				"OceanLotus",
				"ATK17",
				"G0050",
				"APT-C-00",
				"APT-32",
				"Canvas Cyclone",
				"SeaLotus",
				"Ocean Buffalo",
				"OceanLotus Group",
				"Cobalt Kitty",
				"Sea Lotus",
				"APT 32",
				"POND LOACH",
				"TIN WOODLAWN",
				"Ocean Lotus"
			],
			"source_name": "MISPGALAXY:APT32",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "870f6f62-84f5-48ca-a18e-cf2902cd6924",
			"created_at": "2022-10-25T15:50:23.303818Z",
			"updated_at": "2026-04-10T02:00:05.301184Z",
			"deleted_at": null,
			"main_name": "APT32",
			"aliases": [
				"APT32",
				"SeaLotus",
				"OceanLotus",
				"APT-C-00",
				"Canvas Cyclone"
			],
			"source_name": "MITRE:APT32",
			"tools": [
				"Mimikatz",
				"ipconfig",
				"Kerrdown",
				"Cobalt Strike",
				"SOUNDBITE",
				"OSX_OCEANLOTUS.D",
				"KOMPROGO",
				"netsh",
				"RotaJakiro",
				"PHOREAL",
				"Arp",
				"Denis",
				"Goopy"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "5da6b5fd-1955-412a-81aa-069fb50b6e31",
			"created_at": "2025-08-07T02:03:25.116085Z",
			"updated_at": "2026-04-10T02:00:03.668978Z",
			"deleted_at": null,
			"main_name": "TIN WOODLAWN",
			"aliases": [
				"APT32 ",
				"Cobalt Kitty",
				"OceanLotus",
				"WOODLAWN "
			],
			"source_name": "Secureworks:TIN WOODLAWN",
			"tools": [
				"Cobalt Strike",
				"Denis",
				"Goopy",
				"JEShell",
				"KerrDown",
				"Mimikatz",
				"Ratsnif",
				"Remy",
				"Rizzo",
				"RolandRAT"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434440,
	"ts_updated_at": 1775792158,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/2f3e7b0d22a4c0494aec46029f35195be2d47356.pdf",
		"text": "https://archive.orkl.eu/2f3e7b0d22a4c0494aec46029f35195be2d47356.txt",
		"img": "https://archive.orkl.eu/2f3e7b0d22a4c0494aec46029f35195be2d47356.jpg"
	}
}