{ "id": "f8ba7ef1-6f44-4c56-9939-016909ecd413", "created_at": "2026-04-06T00:17:23.295458Z", "updated_at": "2026-04-10T13:12:58.19048Z", "deleted_at": null, "sha1_hash": "66ef06d1aabd30252f81e2035a41a5f2e80bf4d7", "title": "SILENTUPLOADER (Malware Family)", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 38602, "plain_text": "SILENTUPLOADER (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 16:39:54 UTC\r\nwin.silentuploader (Back to overview)\r\nSILENTUPLOADER\r\nAccording to Mandiant, SILENTUPLOADER is an uploader written in MSIL that is dropped by DOSTEALER\r\nand is designed to work specifically in tandem with it. It checks for files in a specified folder every 30 seconds\r\nand uploads them to a remote server.\r\nReferences\r\n2022-12-12 ⋅ SOCRadar ⋅ SOCRadar\r\nDark Web Profile: APT42 – Iranian Cyber Espionage Group\r\nPINEFLOWER VINETHORN VBREVSHELL BROKEYOLK CHAIRSMACK DOSTEALER GHAMBAR\r\nSILENTUPLOADER TAG-56\r\n2022-09-07 ⋅ Mandiant ⋅ Mandiant Intelligence\r\nAPT42: Crooked Charms, Cons and Compromises\r\nPINEFLOWER VINETHORN VBREVSHELL BROKEYOLK DOSTEALER GHAMBAR\r\nSILENTUPLOADER\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.silentuploader\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.silentuploader\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://malpedia.caad.fkie.fraunhofer.de/details/win.silentuploader" ], "report_names": [ "win.silentuploader" ], "threat_actors": [ { "id": "1d2ac189-a99e-4e16-84c0-e06df96e688c", "created_at": "2023-11-14T02:00:07.086528Z", "updated_at": "2026-04-10T02:00:03.446956Z", "deleted_at": null, "main_name": "TAG-56", "aliases": [], "source_name": "MISPGALAXY:TAG-56", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "d0e8337e-16a7-48f2-90cf-8fd09a7198d1", "created_at": "2023-03-04T02:01:54.091301Z", "updated_at": "2026-04-10T02:00:03.356317Z", "deleted_at": null, "main_name": "APT42", "aliases": [ "UNC788", "CALANQUE" ], "source_name": "MISPGALAXY:APT42", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "99c7aace-96b1-445b-87e7-d8bdd01d5e03", "created_at": "2025-08-07T02:03:24.746965Z", "updated_at": "2026-04-10T02:00:03.640335Z", "deleted_at": null, "main_name": "COBALT ILLUSION", "aliases": [ "APT35 ", "APT42 ", "Agent Serpens Palo Alto", "Charming Kitten ", "CharmingCypress ", "Educated Manticore Checkpoint", "ITG18 ", "Magic Hound ", "Mint Sandstorm sub-group ", "NewsBeef ", "Newscaster ", "PHOSPHORUS sub-group ", "TA453 ", "UNC788 ", "Yellow Garuda " ], "source_name": "Secureworks:COBALT ILLUSION", "tools": [ "Browser Exploitation Framework (BeEF)", "MagicHound Toolset", "PupyRAT" ], "source_id": "Secureworks", "reports": null }, { "id": "0b212c43-009a-4205-a1f7-545c5e4cfdf8", "created_at": "2025-04-23T02:00:55.275208Z", "updated_at": "2026-04-10T02:00:05.270553Z", "deleted_at": null, "main_name": "APT42", "aliases": [ "APT42" ], "source_name": "MITRE:APT42", "tools": [ "NICECURL", "TAMECAT" ], "source_id": "MITRE", "reports": null } ], "ts_created_at": 1775434643, "ts_updated_at": 1775826778, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/66ef06d1aabd30252f81e2035a41a5f2e80bf4d7.pdf", "text": "https://archive.orkl.eu/66ef06d1aabd30252f81e2035a41a5f2e80bf4d7.txt", "img": "https://archive.orkl.eu/66ef06d1aabd30252f81e2035a41a5f2e80bf4d7.jpg" } }