{
	"id": "413ec35f-6b00-4138-8e31-650c0893fe7b",
	"created_at": "2026-04-06T01:29:30.356577Z",
	"updated_at": "2026-04-10T03:21:38.798193Z",
	"deleted_at": null,
	"sha1_hash": "606625e1ac0bfbe888a94dea46dab714c429c203",
	"title": "Possible Identity of a Kuwaiti Hacker NYANxCAT",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1499229,
	"plain_text": "Possible Identity of a Kuwaiti Hacker NYANxCAT\r\nBy Posted by Yury Polozov on October 19, 2020 at 12:38pm\r\nPublished: 2020-10-19 · Archived: 2026-04-06 01:07:12 UTC\r\nNYANxCAT is a prolific hacker who programs new pieces and versions of\r\nmalware, shares it widely, and records blackhat hacker educational YouTube videos which has over 150,000 views.  He uses\r\nGitHub repository, sells his hacker tools and services using PayPal and Bitcoin.  In this report, we discuss some of the\r\nsamples of NYANXCat malware, his business models, and possible Kuwaiti identity.\r\n(Figure 1. NYANxCAT GitHub logo)\r\nNYANxCAT Hacker Profile\r\nName:         possible name: Hmoud [Humooud] Meshal Aljraid [Al-Jerid].\r\n                  Possible name in Arabic: يدّ الجر حمود.\r\nLocation:     Likely location: Kuwait.\r\npossible location: ST 58 HOUSE# 8, Jahra, Kuwait\r\nAliases:       NYANxCAT, NYAN-x-CAT, NYAN_x_CAT, NYAN CAT, nyancat, NC, humooud.m, HumoudMJ, hmj_7,\r\nbomish3l.\r\nEmail:         humooud.m@gmail.com, NYANxCAT@protonmail.com, NYANxCAT@pm.me\r\nProfiles:       github[.]com/NYAN-x-CAT “NYAN CAT”.\r\ntwitter[.]com/NYAN_x_CAT “n”, joined June 2016, posts starting July 2019.\r\ntwitter[.]com/HumoudMJ, joined December 2009.\r\nGoogle ID: 106720573170316530671.\r\nyoutube[.]com/c/NYANCATx/about, started in Nov 20, 2018.\r\nyoutube[.]com/c/Bomish3l/, active 2013-2017.\r\npastebin[.]com/u/NYANxCAT PRO account started January 2018.\r\nsellix[.]io/NYANxCAT.\r\nDiscord: NYANxCAT#0662 (Lime Server: 388 members).\r\nBitcoin:        12DaUTCemhDEzNw7cAFg9FndzcWkYZt6C8, 1jVe7d8GQB8z2ZqK6U8SCYAgeCJuYxaFo.\r\nHacker forums: hackforums[.]net, cracked[.]to.\r\nProgramming languages: C#, Visual Basic .NET, JavaScript\r\nProgrammed:        LimeCrypter, VBS-Shell, Bitcoin Address Grabber v0.3.5, Lime-Miner, Lime-Dropper-1, Dropless-Malware v0.1,  Csharp-Loader, Anti Analysis v0.2,                                                                     Disable Windows Defender\r\nv1.1.\r\nEdited/improved:   Revenge-RAT v0.3, Neshta 1.0.\r\nhttps://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat\r\nPage 1 of 11\n\nLanguages:          English, Arabic.\r\nDetails\r\nNYANxCAT Possible Identity\r\nNYANxCAT stays under the radar for Google/Youtube, PayPal, Github and other services, as he claims his blackhat hacking\r\nvideos, tools, and malware are only “for educational purposes.”  At the same time, NYANxCAT hides his real-life identity\r\nbehind aliases.  During his recent hacker career, he was also using semi-private tools such as Protonmail for communication\r\nand Bitcoin for donations and payments.  Despite these measures, Red Sky Alliance analysts were able to analyze\r\nNYANxCAT’s communications and identify a possible hint to his real identity:\r\nFigure 2. NYANxCAT hacking video and a PayPal donation link\r\nSome of the NYANxCat’s hacking videos had a Paypal donation link given via an URL shortener: bit[.]ly/2B07Jaa (Figure\r\n2).[1]  This link is connected to Paypal hosted button id UEAXKSXDFJ2X6 and exposes email address\r\nhumooud.m@gmail.com (Figure 3).\r\nFigure 3. NYANxCAT linked PayPal page exposes his personal Gmail address\r\nAnalysis of the past uses of humooud.m@gmail.com shows that this email was used in 2017 to register domain odin-samsung[.]com. These records expose possible NYANxCAT identity as Hmoud Aljraid and his possible address in Jahra,\r\nKuwait (Table 1).\r\nTable 1. WHOIS historic record includes NYANxCAT’s email address\r\nhttps://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat\r\nPage 2 of 11\n\nDomain Name: odin-samsung[.]com\r\nTime Period: 2017-02-09 – 2018-02-12\r\nRegistrant Name: Hmoud Aljraid\r\nRegistrant Address: ST 58 HOUSE# 8 Jahra KU 65852 KW\r\nRegistrant Phone: 965.9982545\r\nRegistrant Email: humooud.m@gmail.com\r\nNote that “Humooud” and “Hmoud” are likely the same Arabic name that could be written in English in more than two\r\nways.\r\nAdditional research on humooud.m@gmail.com reveals that it is connected to Google User ID 106720573170316530671.\r\nThat is listed as Humoud Meshal and is active leaving Google reviews in the vicinity of Kuwait City in the last 3 years, and\r\nSri Lanka 6 years ago (Figure 4).[2]\r\nFigure 4. Humoud Meshal’s locations in Kuwait and Sri Lanka\r\nKuwaiti location matches cases when NYANxCAT actually put Kuwait as his country on his accounts (e.g. Github).[3]  Past\r\nSri Lankan location matches the nature of his past domain registration activity (Table 1).  Most of NYANxCAT persona\r\ncontent is in English, but he is still able to have a conversation in Arabic as could be seen in some of his Youtube threads\r\n(Figure 5).\r\nhttps://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat\r\nPage 3 of 11\n\nFigure 5. NYANxCAT is proficient in Arabic, Youtube comments\r\nThe search for Humoud Meshal’s user picture reveals connection to technical Arabic blog bomish3l[.]com.  This blog\r\nreferences additional Youtube “Bomish3l” and Twitter @HumoudMJ accounts (Figure 6).\r\nFigure 6. Humoud’s photo on Twitter (left) and on his autotranslated blog (right)\r\nHumoud’s Twitter account, @HumoudMJ follows a number of exploit-related accounts.   He lists his name in Arabic, that\r\nautotranslates as Hammoud Al-Jerid which matches the historic WHOIS record (Table 1).\r\nHumoud’s Youtube account had videos on a couple of topics including Android and hacking, e.g. video, “Hacking devices in\r\nwireless networks using your Android phone”.[4]  It is interesting that that YouTube account was posting videos since 2013,\r\nlast one was in 2017.  But in 2018, we see another YouTube channel becoming active: NYANxCAT.[5]\r\nHumoud Meshal aka Humoud Aljraid uses aliases like HumoudMJ or hmj_7, so it is logical that Meshal is his middle name\r\n(M), while Aljraid/Al Jerid is his last [J].[6]\r\nAs NYAnxCAT and Humoud accounts are connected via the used PayPal and Gmail accounts, Kuwaiti location, hacking\r\ninterest, and language capabilities, we assess with medium confidence that Humoud is the real NYANxCAT identity (see\r\nThe NYANxCAT Hacker Profile above).\r\nFrom Donations to Services\r\nNYANxCAT was trying to monetize his notoriety in various ways.  He would often include donation links into his source\r\ncode and educational videos – often it was his Bitcoin addresses, sometimes PayPal donation link (see above, Figure 2,3).\r\nhttps://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat\r\nPage 4 of 11\n\nFigure 7. NYANxCAT hacker shop at Sellix as of July 2020\r\nNYANxCAT created a personal shop page at Sellix.  Earlier this year, he was selling three items: his C# hacking tools and\r\nmalware coding services, his hacker tool Lime Crypter, and his malware Mass Logger (Figure 7).  Later in October 2020,\r\nNYANxCAT removed the offer of the programming services, leaving the malware and the hacking tool for sale.\r\nNYANxCAT Samples\r\nWe analyze various malicious samples associated with NYANxCAT – mostly recent ones from September 2020. These\r\nsamples cover different stages of malicious attacks, some of them are source code and crypters used for weaponization –\r\npreparation of the attack.  Some are the delivery mechanism for later stage malware.  Others are installation artifacts. See the\r\nbrief description below and the Indicators table attached. We also included some personal strings: emails, cryptocurrency\r\naddresses, aliases.  Those are useful for the profile building, but they are also helping find new samples in the wild as they\r\noften have strings with NYANcCAT aliases or his Github page. When listing indicators, we do not include “NYAN CAT”\r\nalias as it brings some true positives, but also bring many false positive as it was an original popular meme name that was\r\nadopted by this hacker.\r\nLimeCrypter\r\nNYANxCAT programmed and is promoting and distributing his hacker tool called LimeCrypter (also Lime-Crypter).  One\r\nof the latest LimeCrypter version seen in the wild is 2.0.7552.41963, executable sample hash:\r\nf55a23559bb981f9a054297b003293b890b8caa2b7abccef9464b817787352a6.[7]\r\nThis hacker tool calls to NYANxCAT hidden paste on Pastebin for the list of recent upgrades and added features.  It claims a\r\nfirst release date of 18 July 2020, and the last update as of this writing, 8 October 2020.[8]  NyanxCAT Github shows that he\r\nwas working on the LimeCrypter since at least August 2019, possibly since 2018.[9]\r\nFigure 8. NYANxCAT’s Youtube video shows LimeCrypter made a malware undetectable\r\nSince August 2020, NYANxCAT posted four videos explaining and promoting this hacker tool, showcasing how it helps to\r\navoid antivirus detections (Figure 8).[10]\r\nRATs\r\nAsyncRAT by NYANxCAT can often be seen among samples in the wild.  Executable sample hash:\r\nhttps://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat\r\nPage 5 of 11\n\n22096a0846ab1399647bb2cc5596c649fa6508d2bd09db05476b27acd9d4eea2.[11] Async RAT can be detected using Yara\r\nrule win_asyncrat by Johannes Bader @viql.[12]\r\nArchived sample containing another NYANxCAT-related RAT, Revenge-RAT v3, could be found using the following hash:\r\n2cf26e5fe9f31386d57170cc51ec46d6e4b73e4760826d65ca1a7afc8c82acc2.[13]\r\nDownloaders\r\nA few small NYANxCAT related samples in the wild represent various downloaders (droppers).  Those include JS\r\nDownloader, VBS Shell, and a number of unidentified droppers (see Indicators Table attached below).  A sample of JS\r\nDownloader code with payload URL could be found using this hash:\r\n5747ad762067a8a6617d2a4362304c24e11b21d6deed2da2adb31b8d55a4607c.[14]\r\nMiners\r\nSome of the NYANxCAT-related malware has cryptomining capabilities.   One example is NYANxCAT-branded Lime\r\nMiner, executable sample hash:\r\n74de28d70ee4bd414597561b696f865cb3c88fd3626161d36c423d35154e11a5.[15] Another example is a case of\r\nAsyncRAT.exe with Monero cryptocurrency mining capability (see Indicators below).\r\nModifications\r\nIt was also common for NYANxCAT to take an old piece of malicious code and to adapt/modify it for more malicious\r\npotential.  Examples are Revenge-RAT v0.3, Neshta 1.0 – modified and branded by NYANxCAT.[16]\r\nWaiving Responsibility\r\nNYANxCAT often includes a waiver that his code is not for malicious use. But examining samples of code signed by\r\nNYANxCAT we can see them dropping ransomware, backdoors, and other kind of malware.[17] Moreover, studying\r\nNYANxCAT videos confirms those are not just sandbox exercises, but involve actual victims.\r\nConclusion\r\nNYANxCAT started his blackhat hacker career in at least 2018.  While he is not the most advanced, his opportunistic\r\nbehavior and abuse of legitimate services such as YouTube and Github allows him to rapidly expand his criminal network\r\nand is negatively affecting the number of his victims.\r\nIndicators\r\nIndicator Type Kill_Chain_Phase First_Seen Last_Seen Comm\r\n9b62966982e91013c608f2542df01411704fe40c8d0cd63ced524f4ed33bab8d SHA256 Weaponization 9/28/20 9/28/20\r\nLimeC\r\nversion\r\n2.0.752\r\n90c2bb06bf684b2e6204418abeee6c81a552d997b163599e8da60c035223a230 SHA256 Delivery 9/27/20 9/27/20 Dropp\r\nb7460d79341ad3ad3acd17703fbf9e1f3b1fdbd1cff7ab8e3607899ced8c61bc SHA256 Installation 9/22/20 9/22/20 Async\r\n5747ad762067a8a6617d2a4362304c24e11b21d6deed2da2adb31b8d55a4607c SHA256 Delivery 9/25/20 9/25/20\r\nJS Dow\r\nby NY\r\ngithub[.]com/NYAN-x-CAT URL Weaponization 10/13/17 10/14/20\r\nNyanx\r\nmalwa\r\nreposit\r\npastebin[.]com/raw/WJD0PWxV URL Weaponization 9/28/20 10/14/20\r\nLimeC\r\ncalls th\r\nfor a ch\r\nhttps://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat\r\nPage 6 of 11\n\nhumooud.m@gmail.com Email Weaponization 8/16/19 10/14/20\r\nNyanx\r\nPayPal\r\nemail\r\nNYANxCAT@protonmail.com Email NA 10/15/19 10/14/20 Hacke\r\nNYANxCAT@pm.me Email NA 1/9/19 10/14/20 Hacke\r\nNYANxCAT String NA 1/9/19 10/14/20 Hacke\r\nNYAN_x_CAT String NA 1/9/19 10/14/20 Hacke\r\nNYAN-x-CAT String NA 1/9/19 10/14/20 Hacke\r\n12DaUTCemhDEzNw7cAFg9FndzcWkYZt6C8 String Weaponization 5/27/19 10/14/20\r\nNyanx\r\nBitcoin\r\n1jVe7d8GQB8z2ZqK6U8SCYAgeCJuYxaFo String Weaponization 1/9/19 10/14/20\r\nNyanx\r\nBitcoin\r\n2cf26e5fe9f31386d57170cc51ec46d6e4b73e4760826d65ca1a7afc8c82acc2 SHA256 Weaponization 9/14/20 9/14/20\r\nReven\r\nv3 -\r\nNYAN\r\ne62cc243c2bb10a2613a64f8b59ad27ec6f7592868902b6793dceb230b8f72bf SHA256 Delivery 9/13/20 9/13/20 Dropp\r\nnyanxcat.vbs File Delivery 9/13/20 9/13/20 Dropp\r\n914b759c186e0cdb0e82c4bbbbd5257fd1c7a60db0e77bbc24778362ee549bce SHA256 Delivery 9/13/20 9/13/20 Dropp\r\nf8890477e760cdb8f4a4fdbf8e8b5b1a224bc87046875b9ee17a9fcb93d2f118 SHA256 Exploitation 9/13/20 9/13/20\r\nFile ty\r\nEXE\r\n233587a133e3e112f42a5b456c94fca514d364f10b532291c1cc3c0aea92526e SHA256 Delivery 9/11/20 9/11/20 Dropp\r\nec5d16ff69ca2221bd60f41049f9862fe4cba0dd238959d78620140a00331250 SHA256 Delivery 9/11/20 9/11/20 Dropp\r\n54ea7614e8220bf4cad9ccd2c87d1470e341ef14b9d7c02ebe432a9c3139b8ab SHA256 Installation 9/10/20 9/10/20\r\nVBS-S\r\nNYAN\r\nASCII\r\nprogra\r\nhttp://f0439583.xsph[.]ru/Cryptolocker.exe URL Delivery 9/14/20 9/14/20 Ransom\r\n4b7bf7d3fac0ae3fe45a3d126bd07b65d5c824a5a423823f7c8900d9da4a1a1e SHA256 Delivery 9/10/20 9/10/20 Dropp\r\nhttps://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat\r\nPage 7 of 11\n\n00714fae672b284458a4784ee651ed42bf51ec5fead0cf4c17082f75ac5f782b SHA256 Weaponization 9/9/20 9/9/20\r\nBitcoin\r\nGrabbe\r\n74de28d70ee4bd414597561b696f865cb3c88fd3626161d36c423d35154e11a5 SHA256 Installation 9/9/20 9/9/20\r\nLime M\r\n0.3.0.0\r\ntype W\r\nEXE\r\nf1ad4dbe66d9570c067889cbb0876c3771c6750e6e5a96c3d784336fcc5c88a4 SHA256 Weaponization 9/8/20 9/8/20\r\nLime-C\r\n1.0.0.0\r\n5882452922bf3c291f64ce3cfe5ad557dc8911a101495aa923fb3c521c0446fd SHA256 Weaponization 9/8/20 9/8/20\r\nLime-C\r\n1.0.0.0\r\naca10c4a756f850bbb748715d2b5ba1e3466a6309d630a99f834dcc61abfc945 SHA256 Weaponization 9/8/20 9/8/20\r\nLime-C\r\n1.0.0.0\r\n22096a0846ab1399647bb2cc5596c649fa6508d2bd09db05476b27acd9d4eea2 SHA256 Installation 9/7/20 9/7/20 Async\r\na74af46f97845d0da1d2e761b85f42664c77ca1f2378a3c1e22fc1d0e2dd5188 SHA256 Installation 9/7/20 9/7/20\r\nVBS-S\r\nNYAN\r\nASCII\r\nprogra\r\n0430bad23899d3b9ec9e52f587e944075b793f55f3f2f32283910343668a6785 SHA256 Delivery 9/6/20 9/6/20 Dropp\r\n96de85fba7d85672bf59601c518aba429a8415089851772f66ae2df59848139b SHA256 Delivery 9/4/20 9/4/20 Dropp\r\n2f7371a3095fceb9b99bcb2abc176a142c37ca95940c91c58d3321ed54310bd2 SHA256 Delivery 9/3/20 9/3/20 Dropp\r\n110716c7f7f1e2f7e4b6237015ee2855efac37b609977ad451c1b0c8b54d0b63 SHA256 Delivery 9/3/20 9/3/20 Dropp\r\n34f3f6477224c8e17c31fd434470ee098a621b2732b5e8d9ca59f2c6ef5acf57 SHA256 Installation 9/3/20 9/3/20\r\nVBS-S\r\nNYAN\r\nASCII\r\nprogra\r\n9f5bfe12e454f8b67649e52cc064032f0b149492428729fdf7e8c41d6bec6fcb SHA256 Installation 9/3/20 9/3/20\r\nVBS-S\r\nNYAN\r\nASCII\r\nprogra\r\nhttps://pashupatipaints[.]com/test/minAZ34EXEitscr.exe URL Delivery 9/3/20 9/7/20\r\nf55a23559bb981f9a054297b003293b890b8caa2b7abccef9464b817787352a6 SHA256 Weaponization 9/24/20 9/24/20\r\nLimeC\r\nVersio\r\n2.0.755\r\n365ee8918af55945cfa1a4a8bf30b214814c23833261b3a67117a6237d961806 SHA256 Installation 9/23/20 9/23/20\r\nhttps://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat\r\nPage 8 of 11\n\n2e64a2918346eaa8b5441a6904d2741c37079456b00c91f2801a3d01c94f4dd5 SHA256 Installation 9/22/20 9/22/20 Dropp\r\n39f394baf297dcabc3bdcbc0f71b2f14a96d0e44df88a16d0f9e4f8bc2d3c3e6 SHA256 Installation 9/19/20 9/19/20 Dropp\r\ndced2da7db2861a40ac1a32cc5eb4d2205c0be6cf49f9f9bd2710fb98ee6cbc2 SHA256 Installation 9/18/20 9/18/20 Async\r\ne7eb31d13152158739d663eeabf2dfde8455deb4a4ffa0587e45676583e5f7e7 SHA256 Installation 9/17/20 9/17/20\r\nNeshta\r\nedited\r\nNYAN\r\npowers\r\n8b226dc5916d9c78eb1e3790241128d2d4ce6cd0b9124230d7574e62f0a28f4c SHA256 Weaponization 9/15/20 9/15/20\r\nLime-Crypte\r\nversion\r\n3e905ce85036d960c7f68c5fc7f848e1f9fb5c550d9e97998be111938b2ac0da SHA256 Delivery 9/27/20 9/27/20 Dropp\r\n033859addb85933297132cf3dc356c2b3780f9e10638149ae9ec8559aae00930 SHA256 Delivery 9/3/20 9/3/20 Dropp\r\n4d4e12de934064e401442a81e83563bfb2c98fb845b115eb60e5b6ce3e2639e2 SHA256 Delivery 9/1/20 9/1/20 JS Dow\r\nd64cb13bb5820b9618e5733537794b8de03a35387b626f26ce20921625dabf53 SHA256 Installation 8/31/20 9/26/20\r\nNeshta\r\nedited\r\nNYAN\r\npowers\r\ndbc0a745c62c9aef393f732f718149fc5abaffe30ddb1d55d978a8bf17e9ae01 SHA256 Weaponization 3/6/20 9/2/20\r\nReven\r\nv3 -\r\nNYAN\r\n97ca0ed6e618f457b56df8201689affb1a4c5410d29e222730966a36b6176047 SHA256 Delivery 8/30/20 8/30/20\r\nLimeR\r\nVersio\r\n6450208e47c71ac8bfb8dc35e3c37fbeb01c02c021b162352fc8eb44e03af3e6 SHA256 Delivery 8/28/20 8/28/20\r\nDropp\r\nShell b\r\nCAT\r\n431dea8a2af305cd0b8d735efbadb1a46f1025b96838bb8b282bab502b001f49 SHA256 Delivery 8/27/20 8/27/20 NJ RA\r\n165749a5f359e0316396cddd2e461f14f11756b62f786561019de99ded742af1 SHA256 Installation 8/26/20 8/26/20\r\nAngry\r\nversion\r\neb8276581ad494331c5586593e9bd533e3545db82eeb00872e0685dc67546305 SHA256 Installation 8/25/20 8/25/20\r\nAsync\r\nwith M\r\ncrypto\r\nmining\r\nDownload indicators in CSV format: IR-20-292-001_Hmoud Aljraid NYANxCAT.csv\r\nAppendix A. Additional Imagery\r\nhttps://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat\r\nPage 9 of 11\n\nFigure 9. Humoud’s Soundcloud Profile Picture\r\nSerial: IR-20-292-001\r\nCountry: KW, US\r\nReport Date: 20201018\r\nIndustries: All\r\n--- \r\nRed Sky Alliance has been tracking hacker threats for the past 7 years.  We are a Cyber Threat Analysis and Intelligence\r\nService organization.  For questions, comments, or assistance, please contact the lab directly at 1-844-492-7225, or\r\nfeedback@wapacklabs.com.  \r\nRed Sky Alliance can help protect with attacks such as these.  We provide both internal monitoring in tandem with RedXray\r\nnotifications on ‘external’ threats to include, botnet activity, public data breaches, phishing, fraud, and general targeting.\r\nhttps://www.wapacklabs.com/redxray\r\nRed Sky Alliance is in New Boston, NH USA. We are a Cyber Threat Analysis and Intelligence Service organization. For\r\nquestions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com\r\nReporting: https://www.redskyalliance.org/\r\nWebsite: https://www.wapacklabs.com/\r\nLinkedIn: https://www.linkedin.com/company/64265941 \r\n[1] www.youtube[.]com/watch?v=N16d_zvIgTg\r\n[2] google[.]com/maps/contrib/106720573170316530671/reviews/\r\n[3] github[.]com/NYAN-x-CAT\r\n[4] youtube[.]com/watch?v=30BV5U9OGv0, Jun 11, 2014.\r\n[5] youtube[.]com/c/Bomish3l/videos\r\nand youtube[.]com/c/NYANCATx/about\r\n[6] soundcloud[.]com/hmj_7/\r\n[7] virustotal[.]com/gui/file/f55a23559bb981f9a054297b003293b890b8caa2b7abccef9464b817787352a6/\r\nhttps://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat\r\nPage 10 of 11\n\n[8] Pastebin[.]com/raw/WJD0PWxV\r\n[9] github[.]com/NYAN-x-CAT/Lime-Crypter\r\n[10] www[.]youtube[.]com/watch?v=_dYngLbXUno\r\n[11] virustotal[.]com/gui/file/22096a0846ab1399647bb2cc5596c649fa6508d2bd09db05476b27acd9d4eea2/details\r\n[12] virustotal[.]com/gui/file/504fc502fef2fceaae027edb0e037e4e39a0ee62ca9f15ab316c70e8d6e5b740/details\r\n[13] virustotal[.]com/gui/file/2cf26e5fe9f31386d57170cc51ec46d6e4b73e4760826d65ca1a7afc8c82acc2/details\r\n[14] virustotal[.]com/gui/file/5747ad762067a8a6617d2a4362304c24e11b21d6deed2da2adb31b8d55a4607c/content/strings\r\n[15] virustotal[.]com/gui/file/74de28d70ee4bd414597561b696f865cb3c88fd3626161d36c423d35154e11a5/details\r\n[16] virustotal[.]com/gui/file/e7eb31d13152158739d663eeabf2dfde8455deb4a4ffa0587e45676583e5f7e7/details\r\n[17] 6450208e47c71ac8bfb8dc35e3c37fbeb01c02c021b162352fc8eb44e03af3e6\r\nand virustotal[.]com/gui/url/922efd801fc095b488126248f7c55d3d897fc14376d4d22a48966427ee8a421a/detection\r\nand 165749a5f359e0316396cddd2e461f14f11756b62f786561019de99ded742af1\r\nSource: https://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat\r\nhttps://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat\r\nPage 11 of 11",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://redskyalliance.org/xindustry/possible-identity-of-a-kuwaiti-hacker-nyanxcat"
	],
	"report_names": [
		"possible-identity-of-a-kuwaiti-hacker-nyanxcat"
	],
	"threat_actors": [],
	"ts_created_at": 1775438970,
	"ts_updated_at": 1775791298,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/606625e1ac0bfbe888a94dea46dab714c429c203.pdf",
		"text": "https://archive.orkl.eu/606625e1ac0bfbe888a94dea46dab714c429c203.txt",
		"img": "https://archive.orkl.eu/606625e1ac0bfbe888a94dea46dab714c429c203.jpg"
	}
}