{
	"id": "dba99401-88a1-4014-b1f1-daf7dab68489",
	"created_at": "2026-04-06T00:21:04.581492Z",
	"updated_at": "2026-04-10T03:35:26.987972Z",
	"deleted_at": null,
	"sha1_hash": "4b03aea93cc390ae121f8d995c86a77f93feaf30",
	"title": "SweetSpecter (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35857,
	"plain_text": "SweetSpecter (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 17:23:39 UTC\r\nwin.sweetspecter (Back to overview)\r\nSweetSpecter\r\nThere is no description at this point.\r\nReferences\r\n2024-05-23 ⋅ Palo Alto Networks Unit 42 ⋅ Daniel Frank, Lior Rochberger\r\nOperation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target\r\nGovernmental Entities in the Middle East, Africa and Asia\r\nAgent Racoon CHINACHOPPER Ghost RAT JuicyPotato MimiKatz Ntospy PlugX SweetSpecter TunnelSpecter\r\nCL-STA-0043\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.sweetspecter\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.sweetspecter\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.sweetspecter"
	],
	"report_names": [
		"win.sweetspecter"
	],
	"threat_actors": [
		{
			"id": "ffc66b49-9396-46af-966f-9376c4315f32",
			"created_at": "2023-11-21T02:00:07.339061Z",
			"updated_at": "2026-04-10T02:00:03.462317Z",
			"deleted_at": null,
			"main_name": "CL-STA-0043",
			"aliases": [
				"TGR-STA-0043"
			],
			"source_name": "MISPGALAXY:CL-STA-0043",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "cff2cedd-a198-4e79-ae67-19048084ae7f",
			"created_at": "2024-06-20T02:02:09.945126Z",
			"updated_at": "2026-04-10T02:00:04.79991Z",
			"deleted_at": null,
			"main_name": "Operation Diplomatic Specter",
			"aliases": [
				"CL-STA-0043",
				"TGR-STA-0043"
			],
			"source_name": "ETDA:Operation Diplomatic Specter",
			"tools": [
				"Agent Racoon",
				"Agent.dhwf",
				"AngryRebel",
				"CHINACHOPPER",
				"China Chopper",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"HTran",
				"HUC Packet Transmit Tool",
				"JuicyPotatoNG",
				"Kaba",
				"Korplug",
				"LadonGo",
				"Mimikatz",
				"Mimilite",
				"Moudour",
				"Mydoor",
				"NBTscan",
				"Ntospy",
				"PCRat",
				"PlugX",
				"RedDelta",
				"SharpEfsPotato",
				"SinoChopper",
				"Sogu",
				"SweetSpecter",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"TunnelSpecter",
				"Xamtrav",
				"Yasso",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434864,
	"ts_updated_at": 1775792126,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/4b03aea93cc390ae121f8d995c86a77f93feaf30.pdf",
		"text": "https://archive.orkl.eu/4b03aea93cc390ae121f8d995c86a77f93feaf30.txt",
		"img": "https://archive.orkl.eu/4b03aea93cc390ae121f8d995c86a77f93feaf30.jpg"
	}
}