{
	"id": "25a83916-3620-423d-aa07-14dbccec8eec",
	"created_at": "2026-04-06T00:10:40.058779Z",
	"updated_at": "2026-04-10T03:34:24.146043Z",
	"deleted_at": null,
	"sha1_hash": "41bde65ab8aafd31ecbf0472ca2836a42c705284",
	"title": "Unidentified 103 (FIN8) (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28859,
	"plain_text": "Unidentified 103 (FIN8) (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-02 12:04:12 UTC\r\nA malware that uses .NET to load unmanaged (shell)code which has some resemblance to BADHATCH, the IP\r\nfound in the sample was referred to in coverage on WHITERABBIT ransomware attacks.\r\n[TLP:WHITE] win_unidentified_103_auto (20251219 | Detects win.unidentified_103.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.unidentified_103\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.unidentified_103\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.unidentified_103"
	],
	"report_names": [
		"win.unidentified_103"
	],
	"threat_actors": [
		{
			"id": "3150bf4f-288a-44b8-ab48-0ced9b052a0c",
			"created_at": "2025-08-07T02:03:24.910023Z",
			"updated_at": "2026-04-10T02:00:03.713077Z",
			"deleted_at": null,
			"main_name": "GOLD HUXLEY",
			"aliases": [
				"CTG-6969 ",
				"FIN8 "
			],
			"source_name": "Secureworks:GOLD HUXLEY",
			"tools": [
				"Gozi ISFB",
				"Powersniff"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "5bdde906-0416-42ee-9100-5ebd95dda77a",
			"created_at": "2023-01-06T13:46:38.601977Z",
			"updated_at": "2026-04-10T02:00:03.035842Z",
			"deleted_at": null,
			"main_name": "FIN8",
			"aliases": [
				"ATK113",
				"G0061"
			],
			"source_name": "MISPGALAXY:FIN8",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "72d09c17-e33e-4c2f-95db-f204848cc797",
			"created_at": "2022-10-25T15:50:23.832551Z",
			"updated_at": "2026-04-10T02:00:05.336787Z",
			"deleted_at": null,
			"main_name": "FIN8",
			"aliases": [
				"FIN8",
				"Syssphinx"
			],
			"source_name": "MITRE:FIN8",
			"tools": [
				"BADHATCH",
				"PUNCHBUGGY",
				"Ragnar Locker",
				"PUNCHTRACK",
				"dsquery",
				"Nltest",
				"Sardonic",
				"PsExec",
				"Impacket"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "fc80a724-e567-457c-82bb-70147435e129",
			"created_at": "2022-10-25T16:07:23.624289Z",
			"updated_at": "2026-04-10T02:00:04.691643Z",
			"deleted_at": null,
			"main_name": "FIN8",
			"aliases": [
				"ATK 113",
				"G0061",
				"Storm-0288",
				"Syssphinx"
			],
			"source_name": "ETDA:FIN8",
			"tools": [
				"ALPHV",
				"ALPHVM",
				"BadHatch",
				"BlackCat",
				"Noberus",
				"PSVC",
				"PUNCHTRACK",
				"PoSlurp",
				"Powersniff",
				"PunchBuggy",
				"Ragnar Loader",
				"Ragnar Locker",
				"RagnarLocker",
				"Sardonic",
				"ShellTea"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434240,
	"ts_updated_at": 1775792064,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/41bde65ab8aafd31ecbf0472ca2836a42c705284.pdf",
		"text": "https://archive.orkl.eu/41bde65ab8aafd31ecbf0472ca2836a42c705284.txt",
		"img": "https://archive.orkl.eu/41bde65ab8aafd31ecbf0472ca2836a42c705284.jpg"
	}
}