{
	"id": "70cad38a-9d9a-4386-8175-1e232df3c385",
	"created_at": "2026-04-06T00:15:39.299322Z",
	"updated_at": "2026-04-10T13:12:39.948465Z",
	"deleted_at": null,
	"sha1_hash": "5a6894104bc7358602fe4d85a8f98250e0d6c8a4",
	"title": "Equation: The Death Star of Malware Galaxy",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 174219,
	"plain_text": "Equation: The Death Star of Malware Galaxy\r\nBy GReAT\r\nPublished: 2015-02-16 · Archived: 2026-04-05 18:12:20 UTC\r\nDownload “Equation group: questions and answers” PDF\r\n“Houston, we have a problem”\r\nOne sunny day in 2009, Grzegorz Brzęczyszczykiewicz[1] embarked on a flight to the burgeoning city of Houston\r\nto attend a prestigious international scientific conference. As a leading scientist in his field, such trips were\r\ncommon for Grzegorz. Over the next couple of days, Mr Brzęczyszczykiewicz exchanged business cards with\r\nother researchers and talked about the kind of important issues such high level scientists would discuss (which is\r\nanother way of saying “who knows?”). But, all good things must come to an end; the conference finished and\r\nGrzegorz Brzęczyszczykiewicz flew back home, carrying with him many highlights from a memorable event.\r\nSometime later, as is customary for such events, the organizers sent all the participants a CDROM carrying many\r\nbeautiful pictures from the conference. As Grzegorz put the CDROM in his computer and the slideshow opened,\r\nhe little suspected he had just become the victim of an almost omnipotent cyberespionage organization that had\r\njust infected his computer through the use of three exploits, two of them being zero-days.\r\nA rendezvous with the “God” of cyberespionage\r\nIt is not known when the Equation[2] group began their ascent. Some of the earliest malware samples we have seen\r\nwere compiled in 2002; however, their C\u0026C was registered in August 2001. Other C\u0026Cs used by the Equation\r\ngroup appear to have been registered as early as 1996, which could indicate this group has been active for almost\r\ntwo decades. 
For many years they have interacted with other powerful groups, such as the Stuxnet and Flame\r\ngroups; always from a position of superiority, as they had access to exploits earlier than the others.\r\nSince 2001, the Equation group has been busy infecting thousands, or perhaps even tens of thousands of victims\r\nthroughout the world, in the following sectors:\r\nGovernment and diplomatic institutions\r\nTelecoms\r\nAerospace\r\nEnergy\r\nNuclear research\r\nOil and gas\r\nhttps://securelist.com/equation-the-death-star-of-malware-galaxy/68750/\r\nPage 1 of 14\n\nMilitary\r\nNanotechnology\r\nIslamic activists and scholars\r\nMass media\r\nTransportation\r\nFinancial institutions\r\nCompanies developing encryption technologies\r\nTo infect their victims, the Equation group uses a powerful arsenal of “implants” (as they call their Trojans),\r\nincluding the following we have created names for: EQUATIONLASER, EQUATIONDRUG,\r\nDOUBLEFANTASY, TRIPLEFANTASY, FANNY and GRAYFISH. No doubt other “implants” exist which we\r\nhave yet to identify and name.\r\nThe group itself has many codenames for their tools and implants, including SKYHOOKCHOW, UR, KS, SF,\r\nSTEALTHFIGHTER, DRINKPARSLEY, STRAITACID, LUTEUSOBSTOS, STRAITSHOOTER,\r\nDESERTWINTER and GROK. Incredible as it may seem for such an elite group, one of the developers made the\r\nunforgivable mistake of leaving his username: “RMGREE5“, in one of the malware samples as part of his\r\nworking folder: “c:\\users\\rmgree5\\“.\r\nPerhaps the most powerful tool in the Equation group’s arsenal is a mysterious module known only by a\r\ncryptic name: “nls_933w.dll“. 
It allows them to reprogram the hard drive firmware of over a dozen different\r\nhard drive brands, including Seagate, Western Digital, Toshiba, Maxtor and IBM. This is an astonishing technical\r\naccomplishment and is testament to the group’s abilities.\r\nOver the past years, the Equation group has performed many different attacks. One stands out: the Fanny worm.\r\nPresumably compiled in July 2008, it was first observed and blocked by our systems in December 2008. Fanny\r\nused two zero-day exploits, which were later uncovered during the discovery of Stuxnet. To spread, it used the\r\nStuxnet LNK exploit and USB sticks. For escalation of privilege, Fanny used a vulnerability patched by the\r\nMicrosoft bulletin MS09-025, which was also used in one of the early versions of Stuxnet from 2009.\r\nLNK exploit as used by Fanny\r\nIt’s important to point out that these two exploits were used in Fanny before they were integrated into Stuxnet,\r\nindicating that the Equation group had access to these zero-days before the Stuxnet group. The main purpose of\r\nFanny was the mapping of air-gapped networks. For this, it used a unique USB-based command and control\r\nmechanism which allowed the attackers to pass data back and forth from air-gapped networks.\r\nIn the coming days, we will publish more details about the Equation group malware and their attacks. The first\r\ndocument to be published will be a general FAQ on the group together with indicators of compromise.\r\nBy publishing this information, we hope to bring it to the attention of the ITSec community as well as independent\r\nresearchers, who can extend the understanding of these attacks. 
The more we investigate such cyberespionage\r\noperations, the more we understand how little we actually know about them. Together, we can lift this veil and\r\nwork towards a more secure (cyber-)world.\r\nIndicators of compromise (“one of each”):\r\nName EquationLaser\r\nMD5 752af597e6d9fd70396accc0b9013dbe\r\nType EquationLaser installer\r\nCompiled Mon Oct 18 15:24:05 2004\r\nName Disk from Houston “autorun.exe” with EoP exploits\r\nMD5 6fe6c03b938580ebf9b82f3b9cd4c4aa\r\nType EoP package and malware launcher\r\nCompiled Wed Dec 23 15:37:33 2009\r\nName DoubleFantasy\r\nMD5 2a12630ff976ba0994143ca93fecd17f\r\nType DoubleFantasy installer\r\nCompiled Fri Apr 30 01:03:53 2010\r\nName EquationDrug\r\nMD5 4556ce5eb007af1de5bd3b457f0b216d\r\nType EquationDrug installer (“LUTEUSOBSTOS”)\r\nCompiled Tue Dec 11 20:47:12 2007\r\nName GrayFish\r\nMD5 9b1ca66aab784dc5f1dfe635d8f8a904\r\nType GrayFish installer\r\nCompiled Fri Feb 01 22:15:21 2008 (installer)\r\nName Fanny\r\nMD5 0a209ac0de4ac033f31d6ba9191a8f7a\r\nType Fanny worm\r\nCompiled Mon Jul 28 11:11:35 2008\r\nName TripleFantasy\r\nMD5 9180d5affe1e5df0717d7385e7f54386 loader (17920 bytes .DLL)\r\nType ba39212c5b58b97bfc9f5bc431170827 encrypted payload (.DAT)\r\nCompiled various, possibly fake\r\nName _SD_IP_CF.dll – unknown\r\nMD5 03718676311de33dd0b8f4f18cffd488\r\nType DoubleFantasy installer + LNK exploit package\r\nCompiled Fri Feb 13 10:50:23 2009\r\nName nls_933w.dll\r\nMD5 11fb08b9126cdb4668b3f5135cf7a6c5\r\nType HDD reprogramming module\r\nCompiled Tue Jun 15 20:23:37 2010\r\nName standalonegrok_2.1.1.1 / GROK\r\nMD5 24a6ec8ebf9c0867ed1c097f4a653b8d\r\nType GROK keylogger\r\nCompiled Tue Aug 09 03:26:22 2011\r\nC\u0026C servers (hostnames and IPs):\r\nKaspersky products detection names:\r\nYara rules:\r\nrule apt_equation_exploitlib_mutexes {\r\nmeta:\r\n    copyright = \"Kaspersky Lab\"\r\n    description = \"Rule to detect Equation group's Exploitation library\"\r\n    version = \"1.0\"\r\n    last_modified = \"2015-02-16\"\r\n    reference = \"https://securelist.com/blog/\"\r\nstrings:\r\n    $mz=\"MZ\"\r\n    $a1=\"prkMtx\" wide\r\n    $a2=\"cnFormSyncExFBC\" wide\r\n    $a3=\"cnFormVoidFBC\" wide\r\n    $a4=\"cnFormSyncExFBC\"\r\n    $a5=\"cnFormVoidFBC\"\r\ncondition:\r\n(($mz at 0) and any of ($a*))\r\n}\r\n\r\nrule apt_equation_doublefantasy_genericresource {\r\nmeta:\r\n    copyright = \"Kaspersky Lab\"\r\n    description = \"Rule to detect DoubleFantasy encoded config\"\r\n    version = \"1.0\"\r\n    last_modified = \"2015-02-16\"\r\n    reference = \"https://securelist.com/blog/\"\r\nstrings:\r\n    $mz=\"MZ\"\r\n    $a1={06 00 42 00 49 00 4E 00 52 00 45 00 53 00}\r\n    $a2=\"yyyyyyyyyyyyyyyy\"\r\n    $a3=\"002\"\r\ncondition:\r\n(($mz at 0) and all of ($a*)) and filesize \u003c 500000\r\n}\r\n\r\nrule apt_equation_equationlaser_runtimeclasses {\r\nmeta:\r\n    copyright = \"Kaspersky Lab\"\r\n    description = \"Rule to detect the EquationLaser malware\"\r\n    version = \"1.0\"\r\n    last_modified = \"2015-02-16\"\r\n    reference = \"https://securelist.com/blog/\"\r\nstrings:\r\n    $a1=\"?a73957838_2@@YAXXZ\"\r\n    $a2=\"?a84884@@YAXXZ\"\r\n    $a3=\"?b823838_9839@@YAXXZ\"\r\n    $a4=\"?e747383_94@@YAXXZ\"\r\n    $a5=\"?e83834@@YAXXZ\"\r\n    $a6=\"?e929348_827@@YAXXZ\"\r\ncondition:\r\n    any of them\r\n}\r\n\r\nrule apt_equation_cryptotable {\r\nmeta:\r\n    copyright = \"Kaspersky Lab\"\r\n    description = \"Rule to detect the crypto library used in Equation group malware\"\r\n    version = \"1.0\"\r\n    last_modified = \"2015-02-16\"\r\n    reference = \"https://securelist.com/blog/\"\r\nstrings:\r\n    $a={37 DF E8 B6 C7 9C 0B AE 91 EF F0 3B 90 C6 80 85 5D 19 4B 45 44 12 3C E2 0D 5C 1C 7B\r\nC4 FF D6 05 17 14 4F 03 74 1E 41 DA 8F 7D DE 7E 99 F1 35 AC B8 46 93 CE 23 82 07 EB 2B D4 72\r\n71 40 F3 B0 F7 78 D7 4C D1 55 1A 39 83 18 FA E1 9A 56 B1 96 AB A6 30 C5 5F BE 0C 50 C1}\r\ncondition:\r\n    $a\r\n}\r\n[1] pseudonym, to protect the original victim’s identity\r\n[2] the name “Equation group” was given because of their preference for sophisticated encryption schemes\r\nSource: https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://securelist.com/equation-the-death-star-of-malware-galaxy/68750/"
	],
	"report_names": [
		"68750"
	],
	"threat_actors": [
		{
			"id": "b740943a-da51-4133-855b-df29822531ea",
			"created_at": "2022-10-25T15:50:23.604126Z",
			"updated_at": "2026-04-10T02:00:05.259593Z",
			"deleted_at": null,
			"main_name": "Equation",
			"aliases": [
				"Equation"
			],
			"source_name": "MITRE:Equation",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "08623296-52be-4977-8622-50efda44e9cc",
			"created_at": "2023-01-06T13:46:38.549387Z",
			"updated_at": "2026-04-10T02:00:03.020003Z",
			"deleted_at": null,
			"main_name": "Equation Group",
			"aliases": [
				"Tilded Team",
				"EQGRP",
				"G0020"
			],
			"source_name": "MISPGALAXY:Equation Group",
			"tools": [
				"TripleFantasy",
				"GrayFish",
				"EquationLaser",
				"EquationDrug",
				"DoubleFantasy"
			],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2d9fbbd7-e4c3-40e5-b751-27af27c8610b",
			"created_at": "2024-05-01T02:03:08.144214Z",
			"updated_at": "2026-04-10T02:00:03.674763Z",
			"deleted_at": null,
			"main_name": "PLATINUM COLONY",
			"aliases": [
				"Equation Group "
			],
			"source_name": "Secureworks:PLATINUM COLONY",
			"tools": [
				"DoubleFantasy",
				"EquationDrug",
				"EquationLaser",
				"Fanny",
				"GrayFish",
				"TripleFantasy"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "e0fed6e6-a593-4041-80ef-694261825937",
			"created_at": "2022-10-25T16:07:23.593572Z",
			"updated_at": "2026-04-10T02:00:04.680752Z",
			"deleted_at": null,
			"main_name": "Equation Group",
			"aliases": [
				"APT-C-40",
				"G0020",
				"Platinum Colony",
				"Tilded Team"
			],
			"source_name": "ETDA:Equation Group",
			"tools": [
				"Bvp47",
				"DEMENTIAWHEEL",
				"DOUBLEFANTASY",
				"DanderSpritz",
				"DarkPulsar",
				"DoubleFantasy",
				"DoubleFeature",
				"DoublePulsar",
				"Duqu",
				"EQUATIONDRUG",
				"EQUATIONLASER",
				"EQUESTRE",
				"Flamer",
				"GRAYFISH",
				"GROK",
				"OddJob",
				"Plexor",
				"Prax",
				"Regin",
				"Skywiper",
				"TRIPLEFANTASY",
				"Tilded",
				"UNITEDRAKE",
				"WarriorPride",
				"sKyWIper"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434539,
	"ts_updated_at": 1775826759,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5a6894104bc7358602fe4d85a8f98250e0d6c8a4.pdf",
		"text": "https://archive.orkl.eu/5a6894104bc7358602fe4d85a8f98250e0d6c8a4.txt",
		"img": "https://archive.orkl.eu/5a6894104bc7358602fe4d85a8f98250e0d6c8a4.jpg"
	}
}