{ "id": "2d1367cd-9172-4276-a429-65d2f59c422a", "created_at": "2026-04-06T00:12:10.832429Z", "updated_at": "2026-04-10T03:38:19.212761Z", "deleted_at": null, "sha1_hash": "47f0d4b1d7276047b604b0240af6c2f9e3e2c8d8", "title": "InvisibleFerret (Malware Family)", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 113022, "plain_text": "InvisibleFerret (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 14:19:45 UTC\r\nInvisibleFerret\r\nActor(s): WageMole\r\nThere is no description at this point.\r\nReferences\r\n2026-03-11 ⋅ Microsoft ⋅ Microsoft Defender Experts, Microsoft Defender Security Research Team\r\nContagious Interview: Malware delivered through fake developer job interviews\r\nBeaverTail OtterCookie StoatWaffle InvisibleFerret PylangGhost GolangGhost\r\n2026-01-20 ⋅ Abstract Security ⋅\r\nContagious Interview: Tracking the VS Code Tasks Infection Vector\r\nBeaverTail InvisibleFerret\r\n2026-01-13 ⋅ Security Alliance ⋅ Security Alliance\r\nVS Code Tasks Abuse by Contagious Interview (DPRK)\r\nBeaverTail InvisibleFerret\r\n2026-01-11 ⋅ Red Asgard ⋅ Red Asgard\r\nHunting Lazarus: Inside the Contagious Interview C2 Infrastructure\r\nBeaverTail InvisibleFerret\r\n2025-12-17 ⋅ Recorded Future ⋅ Insikt Group\r\nPurpleBravo’s Targeting of the IT Software Supply Chain\r\nBeaverTail InvisibleFerret PylangGhost GolangGhost\r\n2025-11-28 ⋅ OpenSourceMalware ⋅ OpenSourceMalware\r\n\"Contagious Interview\" campaign abuses Microsoft VSCode tasks to drop malware and gain persistence\r\nBeaverTail InvisibleFerret\r\n2025-11-13 ⋅ NVISO Labs ⋅ Bart Parys, Efstratios Lontzetidis, Stef Collart\r\nContagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery\r\nBeaverTail OtterCookie InvisibleFerret Beavertail TsunamiKit\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/py.invisibleferret\r\nPage 1 of 5\n\n2025-10-20 ⋅ Medium Deriv-Tech ⋅ Shantanu Ghumade\r\nHow a fake AI recruiter delivers five staged malware disguised as a dream job\r\nBeaverTail OtterCookie InvisibleFerret\r\n2025-10-16 ⋅ Cisco Talos ⋅ Michael Kelley, Vanja Svajcer\r\nBeaverTail and OtterCookie evolve with a new Javascript module\r\nBeaverTail OtterCookie InvisibleFerret\r\n2025-10-10 ⋅ Socket ⋅ Kirill Boychenko\r\nNorth Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads\r\nBeaverTail InvisibleFerret\r\n2025-09-25 ⋅ ESET Research ⋅ Matěj Havránek, Peter Kálnai\r\nDeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception\r\nBeaverTail OtterCookie InvisibleFerret PylangGhost AkdoorTea GolangGhost Tropidoor TsunamiKit\r\n2025-09-25 ⋅ Virus Bulletin ⋅ Matěj Havránek, Peter Kálnai\r\nDeceptiveDevelopment: From primitive crypto theft to sophisticated AI-based deception\r\nBeaverTail OtterCookie InvisibleFerret PylangGhost AkdoorTea GolangGhost Tropidoor TsunamiKit\r\n2025-09-17 ⋅ GitLab ⋅ GitLab\r\nTech Note - BeaverTail variant distributed via malicious repositories and ClickFix lure\r\nBeaverTail OtterCookie BeaverTail InvisibleFerret Beavertail GolangGhost\r\n2025-09-10 ⋅ ANY.RUN ⋅ ANY.RUN\r\nLazarus Group Attacks in 2025: Here’s Everything SOC Teams Need to Know\r\nOtterCookie InvisibleFerret PylangGhost\r\n2025-08-27 ⋅ Anthropic ⋅ Anthropic\r\nAnthropic - Threat Intelligence Report: August 2025\r\nBeaverTail OtterCookie GolangGhost InvisibleFerret GolangGhost\r\n2025-07-14 ⋅ Socket ⋅ Kirill Boychenko\r\nContagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader\r\nBeaverTail InvisibleFerret\r\n2025-06-24 ⋅ Socket ⋅ Socket\r\nAnother Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages\r\nBeaverTail InvisibleFerret\r\n2025-06-03 ⋅ ANY.RUN ⋅ ANY.RUN\r\nOtterCookie: Analysis of Lazarus Group Malware Targeting Finance and Tech Professionals\r\nBeaverTail OtterCookie InvisibleFerret\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/py.invisibleferret\r\nPage 2 of 5\n\n2025-05-12 ⋅ ESET Research ⋅ ESET Research\r\nESET APT Activity Report Q4 2024–Q1 2025\r\nBeaverTail InvisibleFerret GolangGhost\r\n2025-05-07 ⋅ NTT Security ⋅ Masaya Motoda, Rintaro Koike\r\nAdditional Features of OtterCookie Malware Used by WaterPlum\r\nBeaverTail OtterCookie InvisibleFerret\r\n2025-04-25 ⋅ HiSolutions ⋅ Maik Würth, Mateo Mrvelj, Nicolas Sprenger\r\nRolling in the Deep(Web): Lazarus Tsunami\r\nInvisibleFerret tsunami TsunamiKit\r\n2025-04-24 ⋅ Silent Push ⋅ Silent Push\r\nContagious Interview (DPRK) Launches a New Campaign Creating Three Front Companies to Deliver a Trio\r\nof Malware: BeaverTail, InvisibleFerret, and OtterCookie\r\nBeaverTail OtterCookie FrostyFerret GolangGhost InvisibleFerret GolangGhost\r\n2025-04-23 ⋅ Trend Micro ⋅ Feike Hacquebord, Stephen Hilt\r\nRussian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations\r\nBeaverTail FrostyFerret GolangGhost InvisibleFerret GolangGhost WageMole\r\n2025-04-11 ⋅ Bitso Quetzal Team ⋅ Mauro Eldritch\r\nInterview with the Chollima\r\nBeaverTail OtterCookie InvisibleFerret\r\n2025-04-04 ⋅ Socket ⋅ Socket\r\nLazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads\r\nBeaverTail InvisibleFerret\r\n2025-02-20 ⋅ ESET Research ⋅ ESET Research\r\nDeceptiveDevelopment targets freelance developers\r\nBeaverTail InvisibleFerret\r\n2025-02-13 ⋅ Recorded Future ⋅ Recorded Future\r\nInside the Scam: North Korea’s IT Worker Threat\r\nBeaverTail OtterCookie InvisibleFerret\r\n2025-02-07 ⋅ ⋅ SI-CERT ⋅ SI-CERT\r\nSI-CERT TZ016 / BeaverTail \u0026 InvisibleFerret\r\nBeaverTail InvisibleFerret\r\n2025-02-05 ⋅ Bitdefender ⋅ Alina Bizga, Andrei ANTON-AANEI, Ionuț-Alexandru Baltariu\r\nLazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam\r\nBeaverTail InvisibleFerret tsunami\r\n2025-01-29 ⋅ Socket ⋅ Kirill Boychenko, Peter van der Zee\r\nNorth Korean APT Lazarus Targets Developers with Malicious npm Package\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/py.invisibleferret\r\nPage 3 of 5\n\nBeaverTail InvisibleFerret\r\n2025-01-29 ⋅ SecurityScorecard ⋅ SecurityScorecard STRIKE Team\r\nOperation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign\r\nBeaverTail InvisibleFerret\r\n2024-12-24 ⋅ ⋅ NTT Security Holdings ⋅ NTT Security Holdings\r\nContagious Interview Uses New Malware Otter Cookie\r\nBeaverTail OtterCookie InvisibleFerret\r\n2024-11-26 ⋅ Arxiv ⋅ Alessio Di Santo\r\nLazarus Group Targets Crypto-Wallets and Financial Data while employing new Tradecrafts\r\nBeaverTail InvisibleFerret tsunami TsunamiKit\r\n2024-11-14 ⋅ eSentire ⋅ eSentire\r\nBored BeaverTail \u0026 InvisibleFerret Yacht Club – A Lazarus Lure Pt.2\r\nBeaverTail InvisibleFerret\r\n2024-11-14 ⋅ Palo Alto ⋅ Unit 42\r\nFake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack\r\nBeaverTail InvisibleFerret WageMole\r\n2024-11-04 ⋅ Zscaler ⋅ Zscaler\r\nFrom Pyongyang to Your Payroll: The Rise of North Korean Remote Workers in the West\r\nBeaverTail InvisibleFerret WageMole\r\n2024-10-29 ⋅ SecurityScorecard ⋅ SecurityScorecard STRIKE Team\r\nThe Job Offer That Wasn’t: How We Stopped an Espionage Plot\r\nBeaverTail InvisibleFerret\r\n2024-10-29 ⋅ ⋅ Macnica ⋅ Hiroshi Takeuchi\r\nJob Offer from the North: Contagious Interview for Software Developers\r\nBeaverTail InvisibleFerret\r\n2024-10-24 ⋅ Datadog ⋅ Datadog\r\nTenacious Pungsan: A DPRK threat actor linked to Contagious Interview\r\nBeaverTail InvisibleFerret\r\n2024-10-17 ⋅ Github (ssrdio) ⋅ Gregor Spagnolo\r\nAnalysis of BeaverTail \u0026 InvisibleFerret activity\r\nBeaverTail InvisibleFerret\r\n2024-09-10 ⋅ Stacklok ⋅ Stacklok\r\nDependency hijacking: Dissecting North Korea’s new wave of DeFi-themed open source attacks targeting\r\ndevelopers\r\nBeaverTail InvisibleFerret\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/py.invisibleferret\r\nPage 4 of 5\n\n2024-09-04 ⋅ Group-IB ⋅ Sharmine Low\r\nAPT Lazarus: Eager Crypto Beavers, Video calls and Games\r\nBeaverTail BeaverTail InvisibleFerret Beavertail\r\n2024-07-15 ⋅ Objective-See ⋅ Patrick Wardle\r\nThis Meeting Should Have Been an Email: A DPRK stealer, dubbed BeaverTail, targets users via a trojanized\r\nmeeting app\r\nBeaverTail BeaverTail InvisibleFerret\r\n2023-11-21 ⋅ Palo Alto Networks Unit 42 ⋅ Unit 42\r\nHacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean\r\nThreat Actors\r\nBeaverTail InvisibleFerret WageMole\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/py.invisibleferret\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/py.invisibleferret\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://malpedia.caad.fkie.fraunhofer.de/details/py.invisibleferret" ], "report_names": [ "py.invisibleferret" ], "threat_actors": [ { "id": "32e2c6f9-a1f5-42bc-ac1d-5d9dc301cf0e", "created_at": "2025-08-07T02:03:25.078429Z", "updated_at": "2026-04-10T02:00:03.811418Z", "deleted_at": null, "main_name": "NICKEL ALLEY", "aliases": [ "CL-STA-0240 ", "Purplebravo Recorded Future", "Storm-1877 ", "Tenacious Pungsan " ], "source_name": "Secureworks:NICKEL ALLEY", "tools": [], "source_id": "Secureworks", "reports": null }, { "id": "34eea331-d052-4096-ae03-a22f1d090bd4", "created_at": "2025-08-07T02:03:25.073494Z", "updated_at": "2026-04-10T02:00:03.709243Z", "deleted_at": null, "main_name": "NICKEL ACADEMY", "aliases": [ "ATK3 ", "Black Artemis ", "COVELLITE ", "CTG-2460 ", "Citrine Sleet ", "Diamond Sleet ", "Guardians of Peace", "HIDDEN COBRA ", "High Anonymous", "Labyrinth Chollima ", "Lazarus Group ", "NNPT Group", "New Romanic Cyber Army Team", "Temp.Hermit ", "UNC577 ", "Who Am I?", "Whois Team", "ZINC " ], "source_name": "Secureworks:NICKEL ACADEMY", "tools": [ "Destover", "KorHigh", "Volgmer" ], "source_id": "Secureworks", "reports": null }, { "id": "7187a642-699d-44b2-9c69-498c80bce81f", "created_at": "2025-08-07T02:03:25.105688Z", "updated_at": "2026-04-10T02:00:03.78394Z", "deleted_at": null, "main_name": "NICKEL TAPESTRY", "aliases": [ "CL-STA-0237 ", "CL-STA-0241 ", "DPRK IT Workers", "Famous Chollima ", "Jasper Sleet Microsoft", "Purpledelta Recorded Future", "Storm-0287 ", "UNC5267 ", "Wagemole " ], "source_name": "Secureworks:NICKEL TAPESTRY", "tools": [], "source_id": "Secureworks", "reports": null }, { "id": "4fc99d9b-9b66-4516-b0db-520fbef049ed", "created_at": "2025-10-29T02:00:51.949631Z", "updated_at": "2026-04-10T02:00:05.346203Z", "deleted_at": null, "main_name": "Contagious Interview", "aliases": [ "Contagious Interview", "DeceptiveDevelopment", "Gwisin Gang", "Tenacious Pungsan", "DEV#POPPER", "PurpleBravo", "TAG-121" ], "source_name": "MITRE:Contagious Interview", "tools": [ "InvisibleFerret", "BeaverTail", "XORIndex Loader", "HexEval Loader" ], "source_id": "MITRE", "reports": null }, { "id": "732597b1-40a8-474c-88cc-eb8a421c29f1", "created_at": "2025-08-07T02:03:25.087732Z", "updated_at": "2026-04-10T02:00:03.776007Z", "deleted_at": null, "main_name": "NICKEL GLADSTONE", "aliases": [ "APT38 ", "ATK 117 ", "Alluring Pisces ", "Black Alicanto ", "Bluenoroff ", "CTG-6459 ", "Citrine Sleet ", "HIDDEN COBRA ", "Lazarus Group", "Sapphire Sleet ", "Selective Pisces ", "Stardust Chollima ", "T-APT-15 ", "TA444 ", "TAG-71 " ], "source_name": "Secureworks:NICKEL GLADSTONE", "tools": [ "AlphaNC", "Bankshot", "CCGC_Proxy", "Ratankba", "RustBucket", "SUGARLOADER", "SwiftLoader", "Wcry" ], "source_id": "Secureworks", "reports": null }, { "id": "a2b92056-9378-4749-926b-7e10c4500dac", "created_at": "2023-01-06T13:46:38.430595Z", "updated_at": "2026-04-10T02:00:02.971571Z", "deleted_at": null, "main_name": "Lazarus Group", "aliases": [ "Operation DarkSeoul", "Bureau 121", "Group 77", "APT38", "NICKEL GLADSTONE", "G0082", "COPERNICIUM", "Moonstone Sleet", "Operation GhostSecret", "APT 38", "Appleworm", "Unit 121", "ATK3", "G0032", "ATK117", "NewRomanic Cyber Army Team", "Nickel Academy", "Sapphire Sleet", "Lazarus group", "Hastati Group", "Subgroup: Bluenoroff", "Operation Troy", "Black Artemis", "Dark Seoul", "Andariel", "Labyrinth Chollima", "Operation AppleJeus", "COVELLITE", "Citrine Sleet", "DEV-0139", "DEV-1222", "Hidden Cobra", "Bluenoroff", "Stardust Chollima", "Whois Hacking Team", "Diamond Sleet", "TA404", "BeagleBoyz", "APT-C-26" ], "source_name": "MISPGALAXY:Lazarus Group", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "d05e8567-9517-4bd8-a952-5e8d66f68923", "created_at": "2024-11-13T13:15:31.114471Z", "updated_at": "2026-04-10T02:00:03.761535Z", "deleted_at": null, "main_name": "WageMole", "aliases": [ "Void Dokkaebi", "WaterPlum", "PurpleBravo", "Famous Chollima", "UNC5267", "Wagemole", "Nickel Tapestry", "Storm-1877" ], "source_name": "MISPGALAXY:WageMole", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "32a223a8-3c79-4146-87c5-8557d38662ae", "created_at": "2022-10-25T15:50:23.703698Z", "updated_at": "2026-04-10T02:00:05.261989Z", "deleted_at": null, "main_name": "Lazarus Group", "aliases": [ "Lazarus Group", "Labyrinth Chollima", "HIDDEN COBRA", "Guardians of Peace", "NICKEL ACADEMY", "Diamond Sleet" ], "source_name": "MITRE:Lazarus Group", "tools": [ "RawDisk", "Proxysvc", "BADCALL", "FALLCHILL", "WannaCry", "MagicRAT", "HOPLIGHT", "TYPEFRAME", "Dtrack", "HotCroissant", "HARDRAIN", "Dacls", "KEYMARBLE", "TAINTEDSCRIBE", "AuditCred", "netsh", "ECCENTRICBANDWAGON", "AppleJeus", "BLINDINGCAN", "ThreatNeedle", "Volgmer", "Cryptoistic", "RATANKBA", "Bankshot" ], "source_id": "MITRE", "reports": null }, { "id": "ef59a0d9-c556-4448-8553-ed28f315d352", "created_at": "2025-06-29T02:01:57.047978Z", "updated_at": "2026-04-10T02:00:04.744218Z", "deleted_at": null, "main_name": "Operation Contagious Interview", "aliases": [ "Jasper Sleet", "Nickel Tapestry", "Operation Contagious Interview", "PurpleBravo", "Storm-0287", "Tenacious Pungsan", "UNC5267", "Wagemole", "WaterPlum" ], "source_name": "ETDA:Operation Contagious Interview", "tools": [ "BeaverTail", "InvisibleFerret", "OtterCookie", "PylangGhost" ], "source_id": "ETDA", "reports": null }, { "id": "f32df445-9fb4-4234-99e0-3561f6498e4e", "created_at": "2022-10-25T16:07:23.756373Z", "updated_at": "2026-04-10T02:00:04.739611Z", "deleted_at": null, "main_name": "Lazarus Group", "aliases": [ "APT-C-26", "ATK 3", "Appleworm", "Citrine Sleet", "DEV-0139", "Diamond Sleet", "G0032", "Gleaming Pisces", "Gods Apostles", "Gods Disciples", "Group 77", "Guardians of Peace", "Hastati Group", "Hidden Cobra", "ITG03", "Jade Sleet", "Labyrinth Chollima", "Lazarus Group", "NewRomanic Cyber Army Team", "Operation 99", "Operation AppleJeus", "Operation AppleJeus sequel", "Operation Blockbuster: Breach of Sony Pictures Entertainment", "Operation CryptoCore", "Operation Dream Job", "Operation Dream Magic", "Operation Flame", "Operation GhostSecret", "Operation In(ter)caption", "Operation LolZarus", "Operation Marstech Mayhem", "Operation No Pineapple!", "Operation North Star", "Operation Phantom Circuit", "Operation Sharpshooter", "Operation SyncHole", "Operation Ten Days of Rain / DarkSeoul", "Operation Troy", "SectorA01", "Slow Pisces", "TA404", "TraderTraitor", "UNC2970", "UNC4034", "UNC4736", "UNC4899", "UNC577", "Whois Hacking Team" ], "source_name": "ETDA:Lazarus Group", "tools": [ "3CX Backdoor", "3Rat Client", "3proxy", "AIRDRY", "ARTFULPIE", "ATMDtrack", "AlphaNC", "Alreay", "Andaratm", "AngryRebel", "AppleJeus", "Aryan", "AuditCred", "BADCALL", "BISTROMATH", "BLINDINGCAN", "BTC Changer", "BUFFETLINE", "BanSwift", "Bankshot", "Bitrep", "Bitsran", "BlindToad", "Bookcode", "BootWreck", "BottomLoader", "Brambul", "BravoNC", "Breut", "COLDCAT", "COPPERHEDGE", "CROWDEDFLOUNDER", "Castov", "CheeseTray", "CleanToad", "ClientTraficForwarder", "CollectionRAT", "Concealment Troy", "Contopee", "CookieTime", "Cyruslish", "DAVESHELL", "DBLL Dropper", "DLRAT", "DRATzarus", "DRATzarus RAT", "Dacls", "Dacls RAT", "DarkComet", "DarkKomet", "DeltaCharlie", "DeltaNC", "Dembr", "Destover", "DoublePulsar", "Dozer", "Dtrack", "Duuzer", "DyePack", "ECCENTRICBANDWAGON", "ELECTRICFISH", "Escad", "EternalBlue", "FALLCHILL", "FYNLOS", "FallChill RAT", "Farfli", "Fimlis", "FoggyBrass", "FudModule", "Fynloski", "Gh0st RAT", "Ghost RAT", "Gopuram", "HARDRAIN", "HIDDEN COBRA RAT/Worm", "HLOADER", "HOOKSHOT", "HOPLIGHT", "HOTCROISSANT", "HOTWAX", "HTTP Troy", "Hawup", "Hawup RAT", "Hermes", "HotCroissant", "HotelAlfa", "Hotwax", "HtDnDownLoader", "Http Dr0pper", "ICONICSTEALER", "Joanap", "Jokra", "KANDYKORN", "KEYMARBLE", "Kaos", "KillDisk", "KillMBR", "Koredos", "Krademok", "LIGHTSHIFT", "LIGHTSHOW", "LOLBAS", "LOLBins", "Lazarus", "LightlessCan", "Living off the Land", "MATA", "MBRkiller", "MagicRAT", "Manuscrypt", "Mimail", "Mimikatz", "Moudour", "Mydoom", "Mydoor", "Mytob", "NACHOCHEESE", "NachoCheese", "NestEgg", "NickelLoader", "NineRAT", "Novarg", "NukeSped", "OpBlockBuster", "PCRat", "PEBBLEDASH", "PLANKWALK", "POOLRAT", "PSLogger", "PhanDoor", "Plink", "PondRAT", "PowerBrace", "PowerRatankba", "PowerShell RAT", "PowerSpritz", "PowerTask", "Preft", "ProcDump", "Proxysvc", "PuTTY Link", "QUICKRIDE", "QUICKRIDE.POWER", "Quickcafe", "QuiteRAT", "R-C1", "ROptimizer", "Ratabanka", "RatabankaPOS", "Ratankba", "RatankbaPOS", "RawDisk", "RedShawl", "Rifdoor", "Rising Sun", "Romeo-CoreOne", "RomeoAlfa", "RomeoBravo", "RomeoCharlie", "RomeoCore", "RomeoDelta", "RomeoEcho", "RomeoFoxtrot", "RomeoGolf", "RomeoHotel", "RomeoMike", "RomeoNovember", "RomeoWhiskey", "Romeos", "RustBucket", "SHADYCAT", "SHARPKNOT", "SIGFLIP", "SIMPLESEA", "SLICKSHOES", "SORRYBRUTE", "SUDDENICON", "SUGARLOADER", "SheepRAT", "SierraAlfa", "SierraBravo", "SierraCharlie", "SierraJuliett-MikeOne", "SierraJuliett-MikeTwo", "SimpleTea", "SimplexTea", "SmallTiger", "Stunnel", "TAINTEDSCRIBE", "TAXHAUL", "TFlower", "TOUCHKEY", "TOUCHMOVE", "TOUCHSHIFT", "TOUCHSHOT", "TWOPENCE", "TYPEFRAME", "Tdrop", "Tdrop2", "ThreatNeedle", "Tiger RAT", "TigerRAT", "Trojan Manuscript", "Troy", "TroyRAT", "VEILEDSIGNAL", "VHD", "VHD Ransomware", "VIVACIOUSGIFT", "VSingle", "ValeforBeta", "Volgmer", "Vyveva", "W1_RAT", "Wana Decrypt0r", "WanaCry", "WanaCrypt", "WanaCrypt0r", "WannaCry", "WannaCrypt", "WannaCryptor", "WbBot", "Wcry", "Win32/KillDisk.NBB", "Win32/KillDisk.NBC", "Win32/KillDisk.NBD", "Win32/KillDisk.NBH", "Win32/KillDisk.NBI", "WinorDLL64", "Winsec", "WolfRAT", "Wormhole", "YamaBot", "Yort", "ZetaNile", "concealment_troy", "http_troy", "httpdr0pper", "httpdropper", "klovbot", "sRDI" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434330, "ts_updated_at": 1775792299, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/47f0d4b1d7276047b604b0240af6c2f9e3e2c8d8.pdf", "text": "https://archive.orkl.eu/47f0d4b1d7276047b604b0240af6c2f9e3e2c8d8.txt", "img": "https://archive.orkl.eu/47f0d4b1d7276047b604b0240af6c2f9e3e2c8d8.jpg" } }