{ "id": "6ccff915-8b18-4c3a-a3e9-045e746f06a4", "created_at": "2026-04-06T00:15:24.228253Z", "updated_at": "2026-04-10T13:12:29.35462Z", "deleted_at": null, "sha1_hash": "4799f087668b425515d2127719d878c2b78e2d84", "title": "Lined up in the sights of Vietnamese hackers", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 80937, "plain_text": "Lined up in the sights of Vietnamese hackers\r\nBy BR Data\r\nArchived: 2026-04-05 23:46:22 UTC\r\n08.10.2020 00:10\r\nThere is no safe place\r\nA group of Vietnamese hackers has been systematically spying on dissidents for years, including in\r\nGermany. The victims feel left alone by authorities as an investigation by BR and Zeit Online is able to\r\nshow.\r\nDie deutsche Version dieses Artikels finden Sie hier.\r\nBui Thanh Hieu had already paid the attendance fee of 200 euros when he heard a warning. He intended to give a\r\nspeech at a conference near Stuttgart. However, then, he was given the following hint: The Vietnamese secret\r\nservice might have infiltrated the event. Bui Thanh Hieu is one of the best known bloggers from Vietnam. Most\r\npeople in Germany know Vietnam as a holiday destination with beautiful beaches and great food. Bui documents\r\nthe other side: the one-party state that intimidates everyone voicing criticism. A state that tolerates corruption and\r\narbitrariness of authorities.\r\nFor a population that knows of press freedom only by hearsay, he filmed police beating up protestors with batons.\r\nDue to his work, he was detained by the security forces “probably a dozen times”, as he said. In 2013 he fled to\r\nGermany, and ever since Bui Thanh Hieu has been living and working in Berlin. He has hundreds of thousands of\r\nfollowers on Facebook, where he calls himself “the wind trader”. Of course he wants to return home one day, “but\r\nthere I would have to go back to prison”, he explained in an interview. He added that his parents were called upon\r\nby the police and insulted that they had not properly educated their child.\r\nHundreds of thousands of people fled the country after the end of the Vietnam War from the hunger and the terror\r\nof the communist regime. Since 2002, the members of an association of Vietnamese people living in exile have\r\nmet every year, sometimes in France, sometimes in the USA and, in 2018, near Stuttgart. For four days, they want\r\nto discuss a better future for Vietnam. A future, where people with dissenting opinions do not end up in prisons,\r\nwhere sometimes they are tortured.\r\nThe hackers send an e-mail – laced with malware\r\nAs Bui received the warning, he cancelled his participation. He feared that he might be spied on and that the arm\r\nof the Vietnamese state might reach all the way to Germany. What he did not know, however, is that the hackers’\r\narm had already reached all the way to his mailbox.\r\nhttps://web.br.de/interaktiv/ocean-lotus/en/\r\nPage 1 of 8\n\nBui is cautious – he had been expecting hackers to target him for some time. But this time, they were well\r\nprepared: They apparently knew that he wanted to go to the meeting in Stuttgart – and that they could use that to\r\nbait him. Six weeks before the meeting, an invitation arrived in his mailbox. It was sent by the hackers – laced\r\nwith malware. Bui clicked on the mail.\r\nSpied on and left alone\r\nIt is this kind of targetting – meticulously prepared, sent in the right moment, executed in only two clicks – that\r\ncan become very dangerous for dissidents. Months of research conducted by BR and Zeit Online show that there\r\nare numerous persons affected, among them opposition members and human rights activists. Many of these feel\r\nleft alone in Germany. If they are lucky, information security specialists will contact them and notify them about\r\ntheir website having been hacked. German authorities, on the other hand, usually do not contact them. Research\r\nsuggests that they are overwhelmed. There are hardly any established procedures to help dissidents in cases of\r\ncyber espionage.\r\nConversations with more than two dozen people – victims, investigators and Germany’s top domestic intelligence\r\nchief – paint the picture of a group of hackers presumably acting in Vietnam’s strategic interest. The research also\r\nshows that the hackers make mistakes. Therefore, the team of reporters succeeded in finding out which websites\r\nare used for distributing the malware. The hackers have been trying to spy on their victims for years.\r\nThe wind trader is concerned for his informants\r\nOnly two years later, in the summer of 2020, Bui learned in an interview with the reporters that hackers had sent\r\nhim the e-mail with the conference invitation. His first concern was about his informants: “If my laptop contained\r\nmalware, the Government would know who is providing me with this kind of information.” This would also\r\ninclude people in the party and state apparatus. These people would be in jeopardy. An information security\r\nspecialist agreed to scan his computer for malware. The team of reporters had established contact. It was\r\nimportant to Bui that this person had no affiliation to Vietnam, a precautionary measure.\r\nThe wind trader Bui Thanh Hieu – © Felix Burchardt for Zeit Online\r\nThe wind trader Bui Thanh Hieu – © Felix Burchardt for Zeit Online\r\nBui arrived at the meeting with a small delegation – as in almost every city in Germany, he also knows people in\r\nBerlin who help him. The sun was shining as he got out of the car of a supporter. His backpack read “Take it\r\neasy”. Bui stuck to it, straightened his flat cap and lighted himself a cigarette. All the while one of his supporters\r\norganised someone able to translate the computer jargon into Vietnamese.\r\nAs Bui handed over the laptop and password, the expert assured him that no files would be copied, at least not\r\nwithout consultation. He said that he would be ready in approximately an hour. Bui is a man with reduced facial\r\nexpression. In the course of two meetings, there was only one moment, where his feelings could be read off his\r\nface. Namely when he received the answer, whether hackers were spying on his computer.\r\nDigital attacks leave traces behind\r\nhttps://web.br.de/interaktiv/ocean-lotus/en/\r\nPage 2 of 8\n\nIt can be difficult to find out who is behind a cyber attack. However, it is not impossible since digital attacks leave\r\ntraces behind. In principle, these traces can be erased but information security specialists and intelligence services\r\nsometimes track the groups for years. And even hackers make mistakes.\r\nIn Bui’s case the traces lead to a group presumably acting on behalf of the Vietnamese state. Experts have many\r\nnames for this group: APT 32 and Ocean Lotus are best known. In conversations with a dozen of information\r\nsecurity specialists, they all agreed that this is a Vietnamese group spying, in particular, on its own compatriots.\r\nThe team of reporters from BR and Zeit Online managed to confirm this statement by means of a technical\r\ninvestigation. The team found hundreds of infected computers hinting at who the hackers might be targeting in\r\nparticular: Vietnamese citizens. Ocean Lotus has a well-filled digital tool box for placing malware. They also use\r\ncreative means for retrieving data from the computers spied on.\r\nA broad range of missions\r\nAdam Meyers is Vice President of Intelligence with information security company Crowdstrike and has been\r\nmonitoring the Vietnamese hacker group for years. “They have been active since 2012, hacking people living in\r\nChina, Vietnam, Cambodia, the Philippines or Germany,” he said. He added that the hackers were targeting the\r\nenergy, financial, hotel and automotive industries, but also governments, media and human rights groups. “We are\r\nnot talking about six people sitting in their mom’s basement, but about a military unit. We are talking about the\r\npremier entity for CNO, computer network operations of a fully functioning nation-state, capable of fulfilling a\r\nbroad range of missions”. According to another IT security specialist – who does not want to be mentioned by\r\nname – Ocean Lotus is one of the “five most active groups worldwide”.\r\nWe are talking about the digital attack group of a fully functioning nation-state,\r\nAdam Meyers, IT-Sicherheitsexperte\r\nThere is no clear evidence that the Vietnamese state is giving orders to the group, but there are indications. When\r\nasked to comment, the Vietnamese embassy in Berlin vehemently denied that Vietnam is behind the cyber-attacks\r\nand rejected any such accusations: “Attacks and threats to cybersecurity must be condemned and severely\r\npunished in accordance with law”. The embassy added that Vietnam was prepared to cooperate with the\r\ninternational community for preventing future attacks. However, a person who keeps an eye on states and their\r\nhackers for the German security authorities told the reporters from BR and Zeit Online: “A group hacking targets\r\non this scale, in a country such as Vietnam – that is not possible without the approval of the state”.\r\nFor a short moment, Bui Thanh Hieu, the wind trader, was astonished. After searching his computer for traces of\r\nhackers the information security specialist gave him an answer that surprised Bui. He listened intently to his\r\ntranslator. Every detail seemed to be important to him. He wanted to know whether he had to warn his contacts –\r\nand whether the security specialist had also checked his mailbox. He added that only a few months ago he had\r\nagain found suspicious e-mails.\r\nThe expert did not find any malware. He seemed surprised, as though he had firmly expected to come across\r\ntraces of the hackers. After all, Bui had emphasized that he had opened the mails and this should have been\r\nenough to allow them access to his computer. But there was nothing to be found. Perhaps the hackers had erased\r\nhttps://web.br.de/interaktiv/ocean-lotus/en/\r\nPage 3 of 8\n\ntheir traces, the expert suspected. He added that he needed some more time for further analyses. Rather days than\r\nhours. For the moment, Bui was relieved.\r\nDigital espionage is easy to deny\r\nBui slipped his virus-free laptop into his backpack and talked about his life in Germany: “I don’t know if it is safe\r\nhere. In any case, it is a lot safer than in Vietnam. And if it is not safe in Germany, it is not safe anywhere.”\r\nBy now he knows that in 2019 alone, he received three e-mails from Ocean Lotus. Three more attempts to spy on\r\nhis laptop. In these three cases, too, there were no traces left on his laptop. But these cases show that the hackers\r\nwere reaching out for his secrets. Even if Bui should have been lucky so far, luck alone will not be enough to\r\nprotect him permanently.\r\nCyber espionage enables states to spy on what they consider to be troublemakers across national borders. Instead\r\nof training agents who get on planes and then recruit people who place bugs in the executive floor unnoticed, it is\r\nsufficient to send a few bits through Internet lines. “You can do without the all-round monitoring,” said an\r\ninformation security specialist who hunts down government hackers. “You switch on the microphone on your\r\nmobile phone if you want to know what people are talking about.”\r\nAnother advantage is that cyber spies can deny their actions much more easily than classic agents. Classic agents\r\ncause international scandal if their actions become public, the way it happened in 2017. Ex-politician and\r\nbusinessman Trinh Xuan Thanh was strolling through the park Berliner Tiergarten with his girlfriend when\r\npresumably agents of the Vietnamese secret service jumped out of a van and dragged the two inside. With the\r\nkidnapping on German grounds, they not only broke international law but also the arm of Thanh’s lover. His\r\nsmartphone shattered on the asphalt.\r\nTrinh Xuan Thanh had left Vietnam after a power struggle within the party elite. He was hated in Vietnam, even\r\namong the population, who saw him as a corrupt politician who roamed the streets of Hanoi in a Lexus with a\r\nprice tag of 250 000 dollars. Shortly after his kidnapping, he appeared on Vietnamese state television. He was\r\nsentenced in Hanoi – to die behind bars.\r\nThe price for this operation was probably very high, both financially and diplomatically. The relations between\r\nVietnam and Germany were suspended.\r\nIn the digital world, such attacks attract less attention and the level of protection is not particularly high, said\r\nMatthias Schulze, who studies hacking incidents for the German think tank “Stiftung Wissenschaft und Politik”\r\n(Foundation for Political Science and Politics): “This leaves the door wide open for retrieving information in\r\nmany places”. The situation is almost inviting states to set up hacking units. “It is worthwhile. The cost-benefit\r\nratio is very good”.\r\nThe hackers want to come to Munich – to BMW\r\nThe hackers are relying on this, as emerged in spring 2019. Vietnam is currently building up its automotive\r\nindustry. The engines are coming to Hanoi from BMW in Munich and the hackers to BMW from Hanoi. The\r\nattack lasted for months, as a BR investigation showed. But it was noticed before the hackers could intrude into\r\nhttps://web.br.de/interaktiv/ocean-lotus/en/\r\nPage 4 of 8\n\nthe networks in Munich and take away sensitive data. The suspicion of industrial espionage is, at least, highly\r\nprobable. BMW has not made any public statements to this day.\r\nAnother technical analysis by BR and Zeit Online reveals how active the hackers are. Ocean Lotus may have\r\nmade a mistake. Thanks to this, it is possible to see hundreds of websites set up by the hackers to spread their\r\nmalware.\r\nBerlin – “Capital of spies“\r\nIt is an inconspicuous office building in Berlin: drawn curtains, cool temperatures, security guards in well-fitting\r\nsuits wearing headsets guarding the door. On the conference table, far too large for the interview, in the rooms of\r\nthe Federal Office for the Protection of the Constitution (BfV), there was the only electronic device that the\r\nreporters from BR and Zeit Online did not have to lock up at the entrance. Thomas Haldenwang only wants to\r\nspeak into microphones that are held to his mouth. Mobile phones and laptops stayed outside.\r\nGermany’s supreme security agent talked in a calm manner about intelligence services “which are much more\r\nrobust than before”. For decades, espionage stories were mainly seen in films, but now it is more and more often\r\nthe reason for “incident-related meetings” in the relevant working group in the Joint Extremism and Terrorism\r\nDefence Centre (Gemeinsames Extremismus- und Terrorabwehrzentrum, GETZ).\r\nHaldenwang recently declared Berlin to be “capital of spies”. In an interview with BR and Zeit Online, he\r\nexplained that Germany is an important player in the middle of Europe, and foreign services were therefore very\r\ninterested in the politics in this country: “Germany is involved in many international relations, and the diaspora\r\nfrom many countries is living here”. After the failed coup, Turkey had supporters of the Gülen movement spied\r\non, whereas Iran is trying to intimidate members of the opposition.\r\nWe see a clear connection to Vietnam.\r\nThomas Haldenwang, Präsident des Bundesamtes für Verfassungsschutz\r\nMeanwhile, cyber-attacks have become the “means of choice” for many foreign services, as Haldenwang\r\nexplained. The Federal Office for the Protection of the Constitution has been observing the hackers of Ocean\r\nLotus since 2014, and the BfV noticed that the hackers are “interested in certain groups of people with a\r\nVietnamese background”: “That is another reason why we see a clear connection to Vietnam”, Haldenwang said.\r\nA clear attribution, especially to Vietnam’s intelligence services, could not be made, however.\r\nThere is no well-established procedure\r\nHaldenwang described a central problem of counter-espionage. The BfV sent out a warning to the automotive\r\nindustry when Ocean Lotus was active in Germany. There was a well-established procedure between the authority\r\nand the German industry. “The situation is different when dissidents are spied on. If we perceive threats to\r\nindividuals on this field, we discuss the further procedure with the police”. The police are responsible for\r\nimmediate protection.\r\nHowever, digital espionage is often a preparatory act. It cannot be told from an e-mail whether it can develop into\r\na real threat. According to Haldenwang, it is part of the task of the BfV to assist the police. However, he said: “No\r\nhttps://web.br.de/interaktiv/ocean-lotus/en/\r\nPage 5 of 8\n\npolice authority is able to guard and protect this large group of people around the clock”.\r\nThe police do not answer – for months\r\nVu Quoc Dung is a prime example. Nowadays, he is doubting whether he can rely on the German state. When he\r\nlearned that he had been targeted by hackers, no one helped him for months. Vu is chairman of the “Veto”\r\nnetwork, which campaigns for human rights in Vietnam. He spoke in front of the European Parliament, met with\r\npoliticians from the Bundestag and also with the German President Frank-Walter Steinmeier.\r\nHuman rights worker Vu Quoc Dung – © BR\r\nHuman rights worker Vu Quoc Dung – © BR\r\nOn May 12th, 2020, he received queries from friends about an e-mail containing gossip from the Vietnamese\r\ngovernment. They asked whether he had really sent it. The e-mail address was similar to his, and also his signature\r\nappeared. However, the e-mail was sent by Ocean Lotus. It was also sent to his nephew and a journalist who\r\nreports on the Vietnamese community for the newspaper “taz”. The association “Veto” filed a complaint. Nothing\r\nhappened for months.\r\nVu’s nephew learned to recognize e-mails containing viruses at his workplace. “When I receive a message with an\r\nattachment from a new e-mail address, I become cautious,” Huy said when reached by phone. Out of curiosity, he\r\nwrote an e-mail back. Less than two hours later, the hackers actually replied – as a supposed Uncle Vu – and asked\r\nhim “what’s up”. “My uncle would never write like that,” said Huy.\r\nProfessional hacker software „Cobalt Strike“\r\nIf someone where to download the text file sent by the hackers, they would install professional hacker software\r\ncalled “Cobalt Strike”, as Steven Adair, who works for the information security company Volexity, explained. He\r\nanalyzed the mail that contained malware. Cobalt Strike is the software of a US company. The price tag is at\r\nseveral thousand euros a year. The software framework is so powerful that the US government has to agree to its\r\nsale to many countries. The software is used, completely legally, by specialists as soon as they receive the order\r\nfrom a company to test their IT security.\r\nNow you see them, now you don't\r\nIt could be argued that the hackers of Ocean Lotus are also testing the IT security of government and corporate\r\nnetworks – albeit unsolicited and illegally. If they are successful, they will exfiltrate the data back to a server they\r\nown, said Steven Adair.\r\n0:00\r\nhttps://web.br.de/interaktiv/ocean-lotus/en/\r\nPage 6 of 8\n\nThe information security specialist already knew Vu Quoc Dung. After all, Adair reached out to the human rights\r\norganisation Veto after their website had been hacked in 2017. The homepage was one of more than 100 websites\r\nthat the hackers had taken over. “The absolute majority of these sites, about 80 to 90, were related to Vietnam,”\r\nexplained Steven Adair. Sites for Vietnamese Catholics were targeted, sites for local news or a website for a steel\r\ncompany whose plant in Vietnam is responsible for one of the country’s biggest environmental disasters.\r\nAdair analyzed the Veto website and removed the hackers’ tools. “They had created a profile of each visitor to the\r\nsite,” he explained and estimated that out of 100,000 visitors per day, only ten were likely to be of interest to the\r\nhackers. “As soon as they wanted to target a person, the hackers changed the look of the site”. Suddenly, for\r\nexample, a Google login appeared. This is how the hackers obtained access to these people’s login data and were\r\nable to read and send e-mails in their name.\r\nYears later, the hackers of Ocean Lotus are still targeting Vu Quoc Dung, as the e-mails, sent by them, show. It\r\nclearly is a case of cyber espionage. “We translated the text of the e-mail – it was written in Vietnamese – into\r\nGerman and explained in detail why we had filed criminal charges,” said Vu. But when reached by BR and Zeit\r\nOnline, the police authority in charge wrote back that the case had ended up in the fraud department. The police\r\napparently had tried to contact Vu by phone as well as by e-mail. However, as BR and Zeit Online were able to\r\nfind out, the address to which they sent the e-mail belonged to the hackers. After the press request, the police\r\ninvited Vu for another interview.\r\nThe human rights organisation Veto is trying to protect itself in the meantime, even if this is probably in vain, as\r\nVu explained: “I don’t think that we, as a small organization, have the possibility to defend ourselves against a\r\ngroup of hackers who probably are supported by the state”. In Vu’s opinion, German authorities are the ones\r\nresponsible: “We would like to see the state or the police trying to protect human rights groups when they become\r\nthe target of such attacks”.\r\nA task for the Federal Government\r\nThis is also the view of Christoph Safferling, Professor of International Criminal Law and International Law at the\r\nUniversity of Erlangen-Nuremberg. He said that the protection of these people was a task of the Federal\r\nGovernment, and resulted from the constitution: “If we want to have an unbiased cooperation here in the Federal\r\nRepublic, we cannot allow foreign secret services to spy on people living in exile”. He added that one had to be\r\naware of the consequences: “These people are not just any foreigners who are here by accident, but they are a part\r\nof our society. And they must be able to live here in peace and in freedom”.\r\nThat is precisely what the hackers of Ocean Lotus want to prevent – that is what their name stands for. At the very\r\nbeginning, in 2011, they have given themselves a Vietnamese name. Sinh Tu Lenh. A metaphor for a command\r\nover life and death. The name goes back to a talisman that appears in many novels by the Chinese bestselling\r\nauthor Jin Yong. His books and films are popular in Vietnam.\r\nWhoever uses the talisman is able to make people compliant. The victims suffer excruciating pain. Until they\r\nobey. Only then is their pain relieved. The malware - that is the talisman of the hackers of Ocean Lotus. Just like\r\nthe character in the novel, the hackers control their victims: the keyboard, the screen, the files. Until the critics of\r\nthe regime are obedient.\r\nhttps://web.br.de/interaktiv/ocean-lotus/en/\r\nPage 7 of 8\n\nAbout the project:\r\nLined up in the sights of Vietnamese hackers is an investigatoin by Bayerischer Rundfunk (BR Recherche / BR\r\nData) and Zeit Online. Their project, titled \"Hackers of Hanoi\", is viewable at this link..\r\nPublished on October, 8th, 2020\r\nWritten by: Hakan Tanriverdi, Ann-Kathrin Wetter, Maximilian Zierer, Kai Biermann (Zeit Online), Thi\r\nDo Nguyen (Zeit Online)\r\nDigital Design: Sebastian Bayerl\r\nIllustrations: Christian Sonnberger\r\nContributions by: Michael Kreil, Steffen Kühne\r\nEdited by: Verena Nierle, Robert Schöffel, Lisa Wreschniok\r\nSource: https://web.br.de/interaktiv/ocean-lotus/en/\r\nhttps://web.br.de/interaktiv/ocean-lotus/en/\r\nPage 8 of 8", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "origins": [ "web" ], "references": [ "https://web.br.de/interaktiv/ocean-lotus/en/" ], "report_names": [ "en" ], "threat_actors": [ { "id": "af509bbb-8d18-4903-a9bd-9e94099c6b30", "created_at": "2023-01-06T13:46:38.585525Z", "updated_at": "2026-04-10T02:00:03.030833Z", "deleted_at": null, "main_name": "APT32", "aliases": [ "OceanLotus", "ATK17", "G0050", "APT-C-00", "APT-32", "Canvas Cyclone", "SeaLotus", "Ocean Buffalo", "OceanLotus Group", "Cobalt Kitty", "Sea Lotus", "APT 32", "POND LOACH", "TIN WOODLAWN", "Ocean Lotus" ], "source_name": "MISPGALAXY:APT32", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null }, { "id": "3f42c8f4-2cf1-4555-abff-b19852033aec", "created_at": "2023-11-08T02:00:07.099084Z", "updated_at": "2026-04-10T02:00:03.41336Z", "deleted_at": null, "main_name": "TA499", "aliases": [ "Vovan", "Lexus" ], "source_name": "MISPGALAXY:TA499", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "2439ad53-39cc-4fff-8fdf-4028d65803c0", "created_at": "2022-10-25T16:07:23.353204Z", "updated_at": "2026-04-10T02:00:04.55407Z", "deleted_at": null, "main_name": "APT 32", "aliases": [ "APT 32", "APT-C-00", "APT-LY-100", "ATK 17", "G0050", "Lotus Bane", "Ocean Buffalo", "OceanLotus", "Operation Cobalt Kitty", "Operation PhantomLance", "Pond Loach", "SeaLotus", "SectorF01", "Tin Woodlawn" ], "source_name": "ETDA:APT 32", "tools": [ "Agentemis", "Android.Backdoor.736.origin", "AtNow", "Backdoor.MacOS.OCEANLOTUS.F", "BadCake", "CACTUSTORCH", "CamCapture Plugin", "CinaRAT", "Cobalt Strike", "CobaltStrike", "Cuegoe", "DKMC", "Denis", "Goopy", "HiddenLotus", "KOMPROGO", "KerrDown", "METALJACK", "MSFvenom", "Mimikatz", "Nishang", "OSX_OCEANLOTUS.D", "OceanLotus", "PHOREAL", "PWNDROID1", "PhantomLance", "PowerSploit", "Quasar RAT", "QuasarRAT", "RatSnif", "Remy", "Remy RAT", "Rizzo", "Roland", "Roland RAT", "SOUNDBITE", "Salgorea", "Splinter RAT", "Terracotta VPN", "Yggdrasil", "cobeacon", "denesRAT", "fingerprintjs2" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434524, "ts_updated_at": 1775826749, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/4799f087668b425515d2127719d878c2b78e2d84.pdf", "text": "https://archive.orkl.eu/4799f087668b425515d2127719d878c2b78e2d84.txt", "img": "https://archive.orkl.eu/4799f087668b425515d2127719d878c2b78e2d84.jpg" } }