{ "id": "638cb8b3-0d7f-4059-8f02-0ba548d39c46", "created_at": "2026-04-06T00:07:27.109596Z", "updated_at": "2026-04-10T03:37:09.063033Z", "deleted_at": null, "sha1_hash": "40598224f487aec195ee8202ea40411d4d33f835", "title": "Understanding the Kapeka Backdoor: Detailed Analysis by APT44", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 30319, "plain_text": "Understanding the Kapeka Backdoor: Detailed Analysis by APT44\r\nBy admin\r\nPublished: 2024-11-02 · Archived: 2026-04-05 15:42:04 UTC\r\nUnified threat visibility and continuous monitoring across every cyber asset.\r\nProtect your digital identity, monitor the dark web, and receive instant alerts – all from your phone.\r\nRun controlled DDoS simulations to evaluate infrastructure resilience and ensure your defenses withstand\r\nreal-world attacks.\r\nThreatMon delivers hands-on security services aligned with your operational workflows.\r\nAl-Powered\r\nThreat Intelligence:\r\nA Comprehensive Handbook\r\nJoin our network of trusted partners to drive innovation\r\nLearn more about ThreatMon’s mission to empower organizations with proactive and intelligent\r\ncybersecurity solutions.\r\nSource: https://threatmon.io/understanding-the-kapeka-backdoor-detailed-analysis-by-apt44/\r\nhttps://threatmon.io/understanding-the-kapeka-backdoor-detailed-analysis-by-apt44/\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://threatmon.io/understanding-the-kapeka-backdoor-detailed-analysis-by-apt44/" ], "report_names": [ "understanding-the-kapeka-backdoor-detailed-analysis-by-apt44" ], "threat_actors": [ { "id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df", "created_at": "2023-01-06T13:46:38.402513Z", "updated_at": "2026-04-10T02:00:02.959797Z", "deleted_at": null, "main_name": "Sandworm", "aliases": [ "IRIDIUM", "Blue Echidna", "VOODOO BEAR", "FROZENBARENTS", "UAC-0113", "Seashell Blizzard", "UAC-0082", "APT44", "Quedagh", "TEMP.Noble", "IRON VIKING", "G0034", "ELECTRUM", "TeleBots" ], "source_name": "MISPGALAXY:Sandworm", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "a66438a8-ebf6-4397-9ad5-ed07f93330aa", "created_at": "2022-10-25T16:47:55.919702Z", "updated_at": "2026-04-10T02:00:03.618194Z", "deleted_at": null, "main_name": "IRON VIKING", "aliases": [ "APT44 ", "ATK14 ", "BlackEnergy Group", "Blue Echidna ", "CTG-7263 ", "ELECTRUM ", "FROZENBARENTS ", "Hades/OlympicDestroyer ", "IRIDIUM ", "Qudedagh ", "Sandworm Team ", "Seashell Blizzard ", "TEMP.Noble ", "Telebots ", "Voodoo Bear " ], "source_name": "Secureworks:IRON VIKING", "tools": [ "BadRabbit", "BlackEnergy", "GCat", "NotPetya", "PSCrypt", "TeleBot", "TeleDoor", "xData" ], "source_id": "Secureworks", "reports": null }, { "id": "b3e954e8-8bbb-46f3-84de-d6f12dc7e1a6", "created_at": "2022-10-25T15:50:23.339976Z", "updated_at": "2026-04-10T02:00:05.27483Z", "deleted_at": null, "main_name": "Sandworm Team", "aliases": [ "Sandworm Team", "ELECTRUM", "Telebots", "IRON VIKING", "BlackEnergy (Group)", "Quedagh", "Voodoo Bear", "IRIDIUM", "Seashell Blizzard", "FROZENBARENTS", "APT44" ], "source_name": "MITRE:Sandworm Team", "tools": [ "Bad Rabbit", "Mimikatz", "Exaramel for Linux", "Exaramel for Windows", "GreyEnergy", "PsExec", "Prestige", "P.A.S. Webshell", "AcidPour", "VPNFilter", "Neo-reGeorg", "Cyclops Blink", "SDelete", "Kapeka", "AcidRain", "Industroyer", "Industroyer2", "BlackEnergy", "Cobalt Strike", "NotPetya", "KillDisk", "PoshC2", "Impacket", "Invoke-PSImage", "Olympic Destroyer" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434047, "ts_updated_at": 1775792229, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/40598224f487aec195ee8202ea40411d4d33f835.pdf", "text": "https://archive.orkl.eu/40598224f487aec195ee8202ea40411d4d33f835.txt", "img": "https://archive.orkl.eu/40598224f487aec195ee8202ea40411d4d33f835.jpg" } }