{
	"id": "cbd6ed75-4d1f-4620-9be6-4fe2e4c147e1",
	"created_at": "2026-04-06T00:16:35.713759Z",
	"updated_at": "2026-04-10T03:37:54.364053Z",
	"deleted_at": null,
	"sha1_hash": "4847fe228f2ff9c85d2c4599ec71686199fb0b27",
	"title": "Bitdefender Labs",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 7551116,
	"plain_text": "Bitdefender Labs\r\nBy Bitdefender\r\nArchived: 2026-04-05 15:33:52 UTC\r\nConsumer Insights Labs Business Insights\r\nAnti-Malware Research\r\nWindows and macOS Malware Spreads via Fake “Claude Code” Google Ads\r\nIonut Alexandru BALTARIU Silviu STAHIE\r\nMarch 11, 2026\r\n5 min read\r\nTop Stories\r\nScam Research\r\nActive Subscription Scam Campaigns Flooding the Internet\r\nAnti-Malware Research\r\nInfected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware\r\nIoT Research\r\nWhitepapers\r\nVulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series\r\nlatest Anti-Malware Research\r\nView all posts\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 1 of 13\n\nAnti-Malware Research\r\nWindsurf IDE Extension Drops Malware via Solana Blockchain\r\nRaul Vasile BUCUR Silviu STAHIE\r\nMarch 18, 2026\r\n5 min read\r\nAnti-Malware Research\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 2 of 13\n\nWindows and macOS Malware Spreads via Fake “Claude Code” Google Ads\r\nIonut Alexandru BALTARIU Silviu STAHIE\r\nMarch 11, 2026\r\n5 min read\r\nAnti-Malware Research\r\nLummaStealer Is Getting a Second Life Alongside CastleLoader\r\nBogdan Ionut Lazar Manuel Dragomir Janos Gergo SZELES\r\nFebruary 11, 2026\r\n18 min read\r\nlatest IoT Research\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 3 of 13\n\nIoan Alexandru MELNICIUC Paul SATMAREAN\r\nDecember 09, 2025\r\n4 min read\r\nIoT Research\r\nCVE-2025-55182 Exploitation Hits the Smart Home\r\nWhitepapers IoT Research\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 4 of 13\n\nVulnerabilities Identified in Dahua Hero C1 Smart Cameras\r\nBitdefender\r\nJuly 30, 2025\r\n4 min read\r\nIoT Research Whitepapers\r\n60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States\r\nIoan Alexandru MELNICIUC Alexandru LAZĂR George CABĂU Radu Alexandru BASARABA\r\nAugust 07, 2024\r\n9 min read\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 5 of 13\n\nIoT Research\r\nNotes on ThroughTek Kalay Vulnerabilities and Their Impact on the IoT Ecosystem\r\nBitdefender\r\nMay 15, 2024\r\n3 min read\r\nAll\r\nAnti-Malware Research\r\nFree Tools\r\nWhitepapers\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 6 of 13\n\nAnti-Malware Research\r\nWindsurf IDE Extension Drops Malware via Solana Blockchain\r\nRaul Vasile BUCUR Silviu STAHIE\r\nMarch 18, 2026\r\n5 min read\r\nAnti-Malware Research\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 7 of 13\n\nWindows and macOS Malware Spreads via Fake “Claude Code” Google Ads\r\nIonut Alexandru BALTARIU Silviu STAHIE\r\nMarch 11, 2026\r\n5 min read\r\nScam Research\r\nGlobal Scam Machines: Inside a Meta-Powered Investment Fraud Ecosystem Spanning 25\r\nCountries\r\nAlecsandru Cătălin DAJ Alexandra-Svetlana Dinulica (Bocereg) Alina BÎZGĂ\r\nMarch 09, 2026\r\n16 min read\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 8 of 13\n\nAnti-Malware Research\r\nLummaStealer Is Getting a Second Life Alongside CastleLoader\r\nBogdan Ionut Lazar Manuel Dragomir Janos Gergo SZELES\r\nFebruary 11, 2026\r\n18 min read\r\nAnti-Malware Research\r\nHelpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious\r\nSkill Trap\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 9 of 13\n\nAndrei ANTON-AANEI Ingrid Stoleru Alina BÎZGĂ\r\nFebruary 05, 2026\r\n8 min read\r\nAnti-Malware Research\r\nAndroid Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery\r\nAlecsandru Cătălin DAJ Silviu STAHIE\r\nJanuary 29, 2026\r\n7 min read\r\nRight now Top posts\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 10 of 13\n\nScam Research\r\nActive Subscription Scam Campaigns Flooding the Internet\r\nApril 30, 2025\r\nAnti-Malware Research\r\nInfected Minecraft Mods Lead to Multi-Stage, Multi-Platform Infostealer Malware\r\nJune 08, 2023\r\nIoT Research\r\nWhitepapers\r\nVulnerabilities identified in Amazon Fire TV Stick, Insignia FireOS TV Series\r\nMay 02, 2023\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 11 of 13\n\nAnti-Malware Research Whitepapers\r\nEyeSpy - Iranian Spyware Delivered in VPN Installers\r\nJanuary 11, 2023\r\nAnti-Malware Research Free Tools\r\nBitdefender Partnership with Law Enforcement Yields MegaCortex Decryptor\r\nJanuary 05, 2023\r\nAnti-Malware Research Whitepapers\r\nBackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign\r\nDecember 06, 2022\r\nBookmarks\r\nYou have no bookmarks yet. Tap\r\nto read it later.\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 12 of 13\n\nSource: https://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nhttps://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/\r\nPage 13 of 13",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://labs.bitdefender.com/2020/05/gogoogle-decryption-tool/"
	],
	"report_names": [
		"gogoogle-decryption-tool"
	],
	"threat_actors": [
		{
			"id": "709ceea7-db99-405e-b5a7-a159e6c307e0",
			"created_at": "2022-10-25T16:07:23.373699Z",
			"updated_at": "2026-04-10T02:00:04.571971Z",
			"deleted_at": null,
			"main_name": "BackdoorDiplomacy",
			"aliases": [],
			"source_name": "ETDA:BackdoorDiplomacy",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "3b56d733-88da-4394-b150-d87680ce67e4",
			"created_at": "2023-01-06T13:46:39.287189Z",
			"updated_at": "2026-04-10T02:00:03.274816Z",
			"deleted_at": null,
			"main_name": "BackdoorDiplomacy",
			"aliases": [
				"BackDip",
				"CloudComputating",
				"Quarian"
			],
			"source_name": "MISPGALAXY:BackdoorDiplomacy",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "401a2035-ed5a-4795-8e37-8b7465484751",
			"created_at": "2022-10-25T15:50:23.616232Z",
			"updated_at": "2026-04-10T02:00:05.304705Z",
			"deleted_at": null,
			"main_name": "BackdoorDiplomacy",
			"aliases": [
				"BackdoorDiplomacy"
			],
			"source_name": "MITRE:BackdoorDiplomacy",
			"tools": [
				"Turian",
				"China Chopper",
				"Mimikatz",
				"NBTscan",
				"QuasarRAT"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "17b1b76b-16da-4c4f-8b32-f6fede3eda8c",
			"created_at": "2022-10-25T16:07:23.750796Z",
			"updated_at": "2026-04-10T02:00:04.736762Z",
			"deleted_at": null,
			"main_name": "Ke3chang",
			"aliases": [
				"APT 15",
				"BackdoorDiplomacy",
				"Bronze Davenport",
				"Bronze Idlewood",
				"Bronze Palace",
				"CTG-9246",
				"G0004",
				"G0135",
				"GREF",
				"Ke3chang",
				"Metushy",
				"Nylon Typhoon",
				"Operation Ke3chang",
				"Operation MirageFox",
				"Playful Dragon",
				"Playful Taurus",
				"PurpleHaze",
				"Red Vulture",
				"Royal APT",
				"Social Network Team",
				"Vixen Panda"
			],
			"source_name": "ETDA:Ke3chang",
			"tools": [
				"Agentemis",
				"Anserin",
				"BS2005",
				"BleDoor",
				"CarbonSteal",
				"Cobalt Strike",
				"CobaltStrike",
				"DarthPusher",
				"DoubleAgent",
				"EternalBlue",
				"GoldenEagle",
				"Graphican",
				"HenBox",
				"HighNoon",
				"IRAFAU",
				"Ketrican",
				"Ketrum",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"MS Exchange Tool",
				"Mebroot",
				"Mimikatz",
				"MirageFox",
				"NBTscan",
				"Okrum",
				"PluginPhantom",
				"PortQry",
				"ProcDump",
				"PsList",
				"Quarian",
				"RbDoor",
				"RibDoor",
				"Royal DNS",
				"RoyalCli",
				"RoyalDNS",
				"SAMRID",
				"SMBTouch",
				"SilkBean",
				"Sinowal",
				"SpyWaller",
				"Theola",
				"TidePool",
				"Torpig",
				"Turian",
				"Winnti",
				"XSLCmd",
				"cobeacon",
				"nbtscan",
				"netcat",
				"spwebmember"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434595,
	"ts_updated_at": 1775792274,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4847fe228f2ff9c85d2c4599ec71686199fb0b27.pdf",
		"text": "https://archive.orkl.eu/4847fe228f2ff9c85d2c4599ec71686199fb0b27.txt",
		"img": "https://archive.orkl.eu/4847fe228f2ff9c85d2c4599ec71686199fb0b27.jpg"
	}
}