{
	"id": "087ebd69-1061-47d4-8c7d-7e27c921f7b6",
	"created_at": "2026-04-06T00:21:43.162733Z",
	"updated_at": "2026-04-10T03:27:44.580643Z",
	"deleted_at": null,
	"sha1_hash": "596b4c634140a861a3cf819829fe7424581a02b6",
	"title": "HITB2020: Voltron STA — The Lost Reports",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35175,
	"plain_text": "HITB2020: Voltron STA — The Lost Reports\r\nArchived: 2026-04-05 13:30:42 UTC\r\nIn lieu of a proper write up, the following hashes should help replicate the work by any interested researchers. All\r\nsamples discussed are available on VirusTotal :)\r\n0xFancyFilter or Regin 1.5 (‘htmlfiltxx64.dll’ or ‘Microsoft\\Internet Explorer\\iesrch32.dat’)\r\ncd3ee807e349abae65d93e421176f302528b739e9e1d77a6ce4e57caeec91b4e\r\nOlder 0xFF samples (‘httpfilt.dll’, ‘htmlfilt.dll’)\r\n369145c6f366f25a4e8878ad1ffec73d680cdc2da4380b221d1d7cdf3a90c930\r\nef35705696d78cc9f4de6adad2cbe5ed22fd50da0ce4180c1d47cf0536aebc87\r\ndf4bc387181ffaabe0be39e66ef5eb838ed638e0ae2b82e9a7daa83647e38bb1\r\nOld EQGRP ‘nethdlr’ (MISTYVEAL) for comparison\r\nd8bab0b79bafec3a41db0dd4ae1703c2ab55de5af261e1881d62bde0d9033690\r\nRegin’s Hopscotch with shared RC4 implementation\r\nd83428779b0c0ebfa08c6b50f34e0f1ae7812eeb9ed78b86610517d8208b6cb3\r\nYARA\r\nA broad YARA rule focused on 0xFF features is available HERE\r\nSource: https://www.epicturla.com/previous-works/hitb2020-voltron-sta\r\nhttps://www.epicturla.com/previous-works/hitb2020-voltron-sta\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.epicturla.com/previous-works/hitb2020-voltron-sta"
	],
	"report_names": [
		"hitb2020-voltron-sta"
	],
	"threat_actors": [
		{
			"id": "08623296-52be-4977-8622-50efda44e9cc",
			"created_at": "2023-01-06T13:46:38.549387Z",
			"updated_at": "2026-04-10T02:00:03.020003Z",
			"deleted_at": null,
			"main_name": "Equation Group",
			"aliases": [
				"Tilded Team",
				"EQGRP",
				"G0020"
			],
			"source_name": "MISPGALAXY:Equation Group",
			"tools": [
				"TripleFantasy",
				"GrayFish",
				"EquationLaser",
				"EquationDrug",
				"DoubleFantasy"
			],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434903,
	"ts_updated_at": 1775791664,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/596b4c634140a861a3cf819829fe7424581a02b6.pdf",
		"text": "https://archive.orkl.eu/596b4c634140a861a3cf819829fe7424581a02b6.txt",
		"img": "https://archive.orkl.eu/596b4c634140a861a3cf819829fe7424581a02b6.jpg"
	}
}