{
	"id": "8d5b43ce-d9b6-4c99-9b1b-52bf105bd818",
	"created_at": "2026-04-06T02:12:30.477496Z",
	"updated_at": "2026-04-10T03:38:19.494928Z",
	"deleted_at": null,
	"sha1_hash": "6d128e3974e14636963b7fcc71493641859d52eb",
	"title": "Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 75210,
	"plain_text": "Three North Korean Military Hackers Indicted in Wide-Ranging\r\nScheme to Commit Cyberattacks and Financial Crimes Across the\r\nGlobe\r\nPublished: 2021-02-17 · Archived: 2026-04-06 02:08:03 UTC\r\nNote: Audio and Transcript of the February 17, 2021 press call is available on our videos page.\r\nA federal indictment unsealed today charges three North Korean computer programmers with participating in a\r\nwide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, to steal and extort more than\r\n$1.3 billion of money and cryptocurrency from financial institutions and companies, to create and deploy multiple\r\nmalicious cryptocurrency applications, and to develop and fraudulently market a blockchain platform.\r\nA second case unsealed today revealed that a Canadian-American citizen has agreed to plead guilty in a money\r\nlaundering scheme and admitted to being a high-level money launderer for multiple criminal schemes, including\r\nATM “cash-out” operations and a cyber-enabled bank heist orchestrated by North Korean hackers.\r\n“As laid out in today’s indictment, North Korea’s operatives, using keyboards rather than guns, stealing digital\r\nwallets of cryptocurrency instead of sacks of cash, are the world’s leading bank robbers,” said Assistant Attorney\r\nGeneral John C. Demers of the Justice Department’s National Security Division. “The Department will continue\r\nto confront malicious nation state cyber activity with our unique tools and work with our fellow agencies and the\r\nfamily of norms abiding nations to do the same.”\r\n“Today's unsealed indictment expands upon the FBI’s 2018 charges for the unprecedented cyberattacks conducted\r\nby the North Korean regime,” said the FBI Deputy Director Paul Abbate. “The ongoing targeting, compromise,\r\nand cyber-enabled theft by North Korea from global victims was met with the outstanding, persistent investigative\r\nefforts of the FBI in close collaboration with U.S. 
and international partners. By arresting facilitators, seizing\r\nfunds, and charging those responsible for the hacking conspiracy, the FBI continues to impose consequences and\r\nhold North Korea accountable for its criminal cyber activity.\"\r\n“The scope of the criminal conduct by the North Korean hackers was extensive and long-running, and the range of\r\ncrimes they have committed is staggering,” said Acting U.S. Attorney Tracy L. Wilkison for the Central District of\r\nCalifornia. “The conduct detailed in the indictment are the acts of a criminal nation-state that has stopped at\r\nnothing to extract revenge and obtain money to prop up its regime.”\r\n“This case is a particularly striking example of the growing alliance between officials within some national\r\ngovernments and highly sophisticated cyber-criminals,” said U.S. Secret Service Assistant Director Michael R.\r\nD’Ambrosio. “The individuals indicted today committed a truly unprecedented range of financial and cyber-crimes: from ransomware attacks and phishing campaigns, to digital bank heists and sophisticated money\r\nlaundering operations. With victims strewn across the globe, this case shows yet again that the challenge of\r\ncybercrime is, and will continue to be, a struggle that can only be won through partnerships, perseverance, and a\r\nrelentless focus on holding criminals accountable.”\r\nThe hacking indictment filed in the U.S. District Court in Los Angeles alleges that Jon Chang Hyok (전창혁), 31;\r\nKim Il (김일), 27; and Park Jin Hyok (박진혁), 36, were members of units of the Reconnaissance General Bureau\r\n(RGB), a military intelligence agency of the Democratic People’s Republic of Korea (DPRK), which engaged in\r\ncriminal hacking. 
These North Korean military hacking units are known by multiple names in the cybersecurity\r\ncommunity, including Lazarus Group and Advanced Persistent Threat 38 (APT38). Park was previously charged\r\nin a criminal complaint unsealed in September 2018. \r\nThe indictment alleges a broad array of criminal cyber activities undertaken by the conspiracy, in the United States\r\nand abroad, for revenge or financial gain. The schemes alleged include:\r\nCyberattacks on the Entertainment Industry: The destructive cyberattack on Sony Pictures Entertainment\r\nin November 2014 in retaliation for “The Interview,” a movie that depicted a fictional assassination of the\r\nDPRK’s leader; the December 2014 targeting of AMC Theatres, which was scheduled to show the film;\r\nand a 2015 intrusion into Mammoth Screen, which was producing a fictional series involving a British\r\nnuclear scientist taken prisoner in DPRK.\r\nCyber-Enabled Heists from Banks: Attempts from 2015 through 2019 to steal more than $1.2 billion from\r\nbanks in Vietnam, Bangladesh, Taiwan, Mexico, Malta, and Africa by hacking the banks’ computer\r\nnetworks and sending fraudulent Society for Worldwide Interbank Financial Telecommunication (SWIFT)\r\nmessages.\r\nCyber-Enabled ATM Cash-Out Thefts: Thefts through ATM cash-out schemes – referred to by the U.S.\r\ngovernment as “FASTCash” – including the October 2018 theft of $6.1 million from BankIslami Pakistan\r\nLimited (BankIslami).\r\nRansomware and Cyber-Enabled Extortion: Creation of the destructive WannaCry 2.0 ransomware in\r\nMay 2017, and the extortion and attempted extortion of victim companies from 2017 through 2020\r\ninvolving the theft of sensitive data and deployment of other ransomware.\r\nCreation and Deployment of Malicious Cryptocurrency Applications: Development of multiple malicious\r\ncryptocurrency applications from March 2018 through at least September 2020 – including Celas Trade\r\nPro, WorldBit-Bot, iCryptoFx, Union Crypto Trader, 
Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro\r\nTrader, and Ants2Whale – which would provide the North Korean hackers a backdoor into the victims’\r\ncomputers.\r\nTargeting of Cryptocurrency Companies and Theft of Cryptocurrency: Targeting of hundreds of\r\ncryptocurrency companies and the theft of tens of millions of dollars’ worth of cryptocurrency, including\r\n$75 million from a Slovenian cryptocurrency company in December 2017; $24.9 million from an\r\nIndonesian cryptocurrency company in September 2018; and $11.8 million from a financial services\r\ncompany in New York in August 2020 in which the hackers used the malicious CryptoNeuro Trader\r\napplication as a backdoor.\r\nSpear-Phishing Campaigns: Multiple spear-phishing campaigns from March 2016 through February 2020\r\nthat targeted employees of United States cleared defense contractors, energy companies, aerospace\r\ncompanies, technology companies, the U.S. Department of State, and the U.S. Department of Defense.\r\nMarine Chain Token and Initial Coin Offering: Development and marketing in 2017 and 2018 of the\r\nMarine Chain Token to enable investors to purchase fractional ownership interests in marine shipping\r\nvessels, supported by a blockchain, which would allow the DPRK to secretly obtain funds from investors,\r\ncontrol interests in marine shipping vessels, and evade U.S. sanctions.\r\nAccording to the allegations contained in the hacking indictment, which was filed on Dec. 8, 2020, in the U.S.\r\nDistrict Court in Los Angeles and unsealed today, the three defendants were members of units of the RGB who\r\nwere at times stationed by the North Korean government in other countries, including China and Russia. 
While\r\nthese defendants were part of RGB units that have been referred to by cybersecurity researchers as Lazarus Group\r\nand APT38, the indictment alleges that these groups engaged in a single conspiracy to cause damage, steal data\r\nand money, and otherwise further the strategic and financial interests of the DPRK government and its leader, Kim\r\nJong Un.\r\nMoney Launderer Charged in California and Georgia\r\nFederal prosecutors today also unsealed a charge against Ghaleb Alaumary, 37, of Mississauga, Ontario, Canada,\r\nfor his role as a money launderer for the North Korean conspiracy, among other criminal schemes. Alaumary\r\nagreed to plead guilty to the charge, which was filed in the U.S. District Court in Los Angeles on Nov. 17, 2020.\r\nAlaumary was a prolific money launderer for hackers engaged in ATM cash-out schemes, cyber-enabled bank\r\nheists, business email compromise (BEC) schemes, and other online fraud schemes. Alaumary is also being\r\nprosecuted for his involvement in a separate BEC scheme by the U.S. Attorney’s Office for the Southern District\r\nof Georgia.\r\nWith respect to the North Korean co-conspirators’ activities, Alaumary organized teams of co-conspirators in the\r\nUnited States and Canada to launder millions of dollars obtained through ATM cash-out operations, including\r\nfrom BankIslami and a bank in India in 2018. Alaumary also conspired with Ramon Olorunwa Abbas, aka “Ray\r\nHushpuppi,” and others to launder funds from a North Korean-perpetrated cyber-enabled heist from a Maltese\r\nbank in February 2019. Last summer, the U.S. 
Attorney’s Office in Los Angeles charged Abbas in a separate case\r\nalleging that he conspired to launder hundreds of millions of dollars from BEC frauds and other scams.\r\nAccompanying Mitigation Efforts\r\nThroughout the investigation, the FBI and the Justice Department provided specific information to victims about\r\nhow they had been targeted or compromised, as well as information about the tactics, techniques, and procedures\r\n(TTPs) used by the hackers with the goals of remediating any intrusion and preventing future intrusions. That\r\ndirect sharing of information took place in the United States and in foreign countries, often with the assistance of\r\nforeign law enforcement partners. The FBI also collaborated with certain private cybersecurity companies by\r\nsharing and analyzing information about the intrusion TTPs used by the members of the conspiracy.\r\nIn addition to the criminal charges, the FBI and the Department of Homeland Security’s Cybersecurity and\r\nInfrastructure Security Agency, in collaboration with the U.S. Department of Treasury, today released a joint\r\ncybersecurity advisory and malware analysis reports (MARs) regarding North Korean cryptocurrency malware.\r\nThe joint cybersecurity analysis and MARs highlight the cyber threat North Korea – which is referred to by the\r\nU.S. government as HIDDEN COBRA – poses to cryptocurrency and identify malware and indicators of\r\ncompromise related to the “AppleJeus” family of malware (the name given by the cybersecurity community to a\r\nfamily of North Korean malicious cryptocurrency applications that includes Celas Trade Pro, WorldBit-Bot, Union\r\nCrypto Trader, Kupay Wallet, CoinGo Trade, Dorusio, CryptoNeuro Trader, and Ants2Whale). 
The joint\r\ncybersecurity advisory and MARs collectively provide the cybersecurity community and public with information\r\nabout identifying North Korean malicious cryptocurrency applications, avoiding intrusions, and remedying\r\ninfections.\r\nThe U.S. Attorney’s Office and FBI also obtained seizure warrants authorizing the FBI to seize cryptocurrency\r\nstolen by the North Korean hackers from a victim in the indictment – a financial services company in New York –\r\nheld at two cryptocurrency exchanges. The seizures include sums of multiple cryptocurrencies totaling\r\napproximately $1.9 million, which will ultimately be returned to the victim.\r\nJon, Kim, and Park are charged with one count of conspiracy to commit computer fraud and abuse, which carries a\r\nmaximum sentence of five years in prison, and one count of conspiracy to commit wire fraud and bank fraud,\r\nwhich carries a maximum sentence of 30 years in prison.\r\nIn relation to the case filed in Los Angeles, Alaumary has agreed to plead guilty to one count of conspiracy to\r\ncommit money laundering, which carries a maximum sentence of 20 years in prison.\r\nThe charges contained in the indictment are merely accusations and the defendants are presumed innocent unless\r\nand until proven guilty beyond a reasonable doubt.\r\nThe investigation of Jon, Kim, and Park was led by the FBI’s Los Angeles Field Office, which worked closely\r\nwith the FBI’s Charlotte Field Office. The U.S. Secret Service’s Los Angeles Field Office and Global Investigative\r\nOperations Center provided substantial assistance. The FBI’s Cyber Division also provided substantial assistance.\r\nThe investigations of Alaumary were conducted by the U.S. Secret Service’s Savannah Field Office, FBI’s Los\r\nAngeles Field Office, and the U.S. Secret Service’s Los Angeles Field Office and Global Investigative Operations\r\nCenter. 
The FBI’s Criminal Investigative Division also provided substantial assistance.\r\nThe case against Jon, Kim, and Park is being prosecuted by Assistant U.S. Attorneys Anil J. Antony and Khaldoun\r\nShobaki of the Cyber and Intellectual Property Crimes Section, with substantial assistance from Trial Attorney\r\nScott Claffee of the Department of Justice National Security Division’s Counterintelligence and Export Control\r\nSection.\r\nAssistant U.S. Attorneys Antony and Shobaki are also prosecuting the case against Alaumary, in which the U.S.\r\nAttorney’s Office for the Southern District of Georgia and the Criminal Division’s Computer Crimes and\r\nIntellectual Property Section (CCIPS) provided substantial assistance. Assistant U.S. Attorneys Antony and\r\nShobaki, along with Assistant U.S. Attorney Jonathan Galatzan of the Asset Forfeiture Section, also obtained the\r\nseizure warrants for cryptocurrency stolen from the financial services company in New York.\r\nThe Criminal Division’s Office of International Affairs provided assistance throughout these investigations, as did\r\nmany of the FBI’s Legal Attachés, as well as foreign authorities around the world. Numerous victims cooperated\r\nand provided valuable assistance.\r\nSource: https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"MITRE"
	],
	"references": [
		"https://www.justice.gov/opa/pr/three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and"
	],
	"report_names": [
		"three-north-korean-military-hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and"
	],
	"threat_actors": [
		{
			"id": "34eea331-d052-4096-ae03-a22f1d090bd4",
			"created_at": "2025-08-07T02:03:25.073494Z",
			"updated_at": "2026-04-10T02:00:03.709243Z",
			"deleted_at": null,
			"main_name": "NICKEL ACADEMY",
			"aliases": [
				"ATK3 ",
				"Black Artemis ",
				"COVELLITE ",
				"CTG-2460 ",
				"Citrine Sleet ",
				"Diamond Sleet ",
				"Guardians of Peace",
				"HIDDEN COBRA ",
				"High Anonymous",
				"Labyrinth Chollima ",
				"Lazarus Group ",
				"NNPT Group",
				"New Romanic Cyber Army Team",
				"Temp.Hermit ",
				"UNC577 ",
				"Who Am I?",
				"Whois Team",
				"ZINC "
			],
			"source_name": "Secureworks:NICKEL ACADEMY",
			"tools": [
				"Destover",
				"KorHigh",
				"Volgmer"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "679e335a-38a4-4db9-8fdf-a48c17a1f5e6",
			"created_at": "2023-01-06T13:46:38.820429Z",
			"updated_at": "2026-04-10T02:00:03.112131Z",
			"deleted_at": null,
			"main_name": "FASTCash",
			"aliases": [],
			"source_name": "MISPGALAXY:FASTCash",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "544ecd2c-82c9-417c-9d98-d1ae395df964",
			"created_at": "2025-10-29T02:00:52.035025Z",
			"updated_at": "2026-04-10T02:00:05.408558Z",
			"deleted_at": null,
			"main_name": "AppleJeus",
			"aliases": [
				"AppleJeus",
				"Gleaming Pisces",
				"Citrine Sleet",
				"UNC1720",
				"UNC4736"
			],
			"source_name": "MITRE:AppleJeus",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "732597b1-40a8-474c-88cc-eb8a421c29f1",
			"created_at": "2025-08-07T02:03:25.087732Z",
			"updated_at": "2026-04-10T02:00:03.776007Z",
			"deleted_at": null,
			"main_name": "NICKEL GLADSTONE",
			"aliases": [
				"APT38 ",
				"ATK 117 ",
				"Alluring Pisces ",
				"Black Alicanto ",
				"Bluenoroff ",
				"CTG-6459 ",
				"Citrine Sleet ",
				"HIDDEN COBRA ",
				"Lazarus Group",
				"Sapphire Sleet ",
				"Selective Pisces ",
				"Stardust Chollima ",
				"T-APT-15 ",
				"TA444 ",
				"TAG-71 "
			],
			"source_name": "Secureworks:NICKEL GLADSTONE",
			"tools": [
				"AlphaNC",
				"Bankshot",
				"CCGC_Proxy",
				"Ratankba",
				"RustBucket",
				"SUGARLOADER",
				"SwiftLoader",
				"Wcry"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "a2b92056-9378-4749-926b-7e10c4500dac",
			"created_at": "2023-01-06T13:46:38.430595Z",
			"updated_at": "2026-04-10T02:00:02.971571Z",
			"deleted_at": null,
			"main_name": "Lazarus Group",
			"aliases": [
				"Operation DarkSeoul",
				"Bureau 121",
				"Group 77",
				"APT38",
				"NICKEL GLADSTONE",
				"G0082",
				"COPERNICIUM",
				"Moonstone Sleet",
				"Operation GhostSecret",
				"APT 38",
				"Appleworm",
				"Unit 121",
				"ATK3",
				"G0032",
				"ATK117",
				"NewRomanic Cyber Army Team",
				"Nickel Academy",
				"Sapphire Sleet",
				"Lazarus group",
				"Hastati Group",
				"Subgroup: Bluenoroff",
				"Operation Troy",
				"Black Artemis",
				"Dark Seoul",
				"Andariel",
				"Labyrinth Chollima",
				"Operation AppleJeus",
				"COVELLITE",
				"Citrine Sleet",
				"DEV-0139",
				"DEV-1222",
				"Hidden Cobra",
				"Bluenoroff",
				"Stardust Chollima",
				"Whois Hacking Team",
				"Diamond Sleet",
				"TA404",
				"BeagleBoyz",
				"APT-C-26"
			],
			"source_name": "MISPGALAXY:Lazarus Group",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "32a223a8-3c79-4146-87c5-8557d38662ae",
			"created_at": "2022-10-25T15:50:23.703698Z",
			"updated_at": "2026-04-10T02:00:05.261989Z",
			"deleted_at": null,
			"main_name": "Lazarus Group",
			"aliases": [
				"Lazarus Group",
				"Labyrinth Chollima",
				"HIDDEN COBRA",
				"Guardians of Peace",
				"NICKEL ACADEMY",
				"Diamond Sleet"
			],
			"source_name": "MITRE:Lazarus Group",
			"tools": [
				"RawDisk",
				"Proxysvc",
				"BADCALL",
				"FALLCHILL",
				"WannaCry",
				"MagicRAT",
				"HOPLIGHT",
				"TYPEFRAME",
				"Dtrack",
				"HotCroissant",
				"HARDRAIN",
				"Dacls",
				"KEYMARBLE",
				"TAINTEDSCRIBE",
				"AuditCred",
				"netsh",
				"ECCENTRICBANDWAGON",
				"AppleJeus",
				"BLINDINGCAN",
				"ThreatNeedle",
				"Volgmer",
				"Cryptoistic",
				"RATANKBA",
				"Bankshot"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "f426f0a0-faef-4c0e-bcf8-88974116c9d0",
			"created_at": "2022-10-25T15:50:23.240383Z",
			"updated_at": "2026-04-10T02:00:05.299433Z",
			"deleted_at": null,
			"main_name": "APT38",
			"aliases": [
				"APT38",
				"NICKEL GLADSTONE",
				"BeagleBoyz",
				"Bluenoroff",
				"Stardust Chollima",
				"Sapphire Sleet",
				"COPERNICIUM"
			],
			"source_name": "MITRE:APT38",
			"tools": [
				"ECCENTRICBANDWAGON",
				"HOPLIGHT",
				"Mimikatz",
				"KillDisk",
				"DarkComet"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "f32df445-9fb4-4234-99e0-3561f6498e4e",
			"created_at": "2022-10-25T16:07:23.756373Z",
			"updated_at": "2026-04-10T02:00:04.739611Z",
			"deleted_at": null,
			"main_name": "Lazarus Group",
			"aliases": [
				"APT-C-26",
				"ATK 3",
				"Appleworm",
				"Citrine Sleet",
				"DEV-0139",
				"Diamond Sleet",
				"G0032",
				"Gleaming Pisces",
				"Gods Apostles",
				"Gods Disciples",
				"Group 77",
				"Guardians of Peace",
				"Hastati Group",
				"Hidden Cobra",
				"ITG03",
				"Jade Sleet",
				"Labyrinth Chollima",
				"Lazarus Group",
				"NewRomanic Cyber Army Team",
				"Operation 99",
				"Operation AppleJeus",
				"Operation AppleJeus sequel",
				"Operation Blockbuster: Breach of Sony Pictures Entertainment",
				"Operation CryptoCore",
				"Operation Dream Job",
				"Operation Dream Magic",
				"Operation Flame",
				"Operation GhostSecret",
				"Operation In(ter)caption",
				"Operation LolZarus",
				"Operation Marstech Mayhem",
				"Operation No Pineapple!",
				"Operation North Star",
				"Operation Phantom Circuit",
				"Operation Sharpshooter",
				"Operation SyncHole",
				"Operation Ten Days of Rain / DarkSeoul",
				"Operation Troy",
				"SectorA01",
				"Slow Pisces",
				"TA404",
				"TraderTraitor",
				"UNC2970",
				"UNC4034",
				"UNC4736",
				"UNC4899",
				"UNC577",
				"Whois Hacking Team"
			],
			"source_name": "ETDA:Lazarus Group",
			"tools": [
				"3CX Backdoor",
				"3Rat Client",
				"3proxy",
				"AIRDRY",
				"ARTFULPIE",
				"ATMDtrack",
				"AlphaNC",
				"Alreay",
				"Andaratm",
				"AngryRebel",
				"AppleJeus",
				"Aryan",
				"AuditCred",
				"BADCALL",
				"BISTROMATH",
				"BLINDINGCAN",
				"BTC Changer",
				"BUFFETLINE",
				"BanSwift",
				"Bankshot",
				"Bitrep",
				"Bitsran",
				"BlindToad",
				"Bookcode",
				"BootWreck",
				"BottomLoader",
				"Brambul",
				"BravoNC",
				"Breut",
				"COLDCAT",
				"COPPERHEDGE",
				"CROWDEDFLOUNDER",
				"Castov",
				"CheeseTray",
				"CleanToad",
				"ClientTraficForwarder",
				"CollectionRAT",
				"Concealment Troy",
				"Contopee",
				"CookieTime",
				"Cyruslish",
				"DAVESHELL",
				"DBLL Dropper",
				"DLRAT",
				"DRATzarus",
				"DRATzarus RAT",
				"Dacls",
				"Dacls RAT",
				"DarkComet",
				"DarkKomet",
				"DeltaCharlie",
				"DeltaNC",
				"Dembr",
				"Destover",
				"DoublePulsar",
				"Dozer",
				"Dtrack",
				"Duuzer",
				"DyePack",
				"ECCENTRICBANDWAGON",
				"ELECTRICFISH",
				"Escad",
				"EternalBlue",
				"FALLCHILL",
				"FYNLOS",
				"FallChill RAT",
				"Farfli",
				"Fimlis",
				"FoggyBrass",
				"FudModule",
				"Fynloski",
				"Gh0st RAT",
				"Ghost RAT",
				"Gopuram",
				"HARDRAIN",
				"HIDDEN COBRA RAT/Worm",
				"HLOADER",
				"HOOKSHOT",
				"HOPLIGHT",
				"HOTCROISSANT",
				"HOTWAX",
				"HTTP Troy",
				"Hawup",
				"Hawup RAT",
				"Hermes",
				"HotCroissant",
				"HotelAlfa",
				"Hotwax",
				"HtDnDownLoader",
				"Http Dr0pper",
				"ICONICSTEALER",
				"Joanap",
				"Jokra",
				"KANDYKORN",
				"KEYMARBLE",
				"Kaos",
				"KillDisk",
				"KillMBR",
				"Koredos",
				"Krademok",
				"LIGHTSHIFT",
				"LIGHTSHOW",
				"LOLBAS",
				"LOLBins",
				"Lazarus",
				"LightlessCan",
				"Living off the Land",
				"MATA",
				"MBRkiller",
				"MagicRAT",
				"Manuscrypt",
				"Mimail",
				"Mimikatz",
				"Moudour",
				"Mydoom",
				"Mydoor",
				"Mytob",
				"NACHOCHEESE",
				"NachoCheese",
				"NestEgg",
				"NickelLoader",
				"NineRAT",
				"Novarg",
				"NukeSped",
				"OpBlockBuster",
				"PCRat",
				"PEBBLEDASH",
				"PLANKWALK",
				"POOLRAT",
				"PSLogger",
				"PhanDoor",
				"Plink",
				"PondRAT",
				"PowerBrace",
				"PowerRatankba",
				"PowerShell RAT",
				"PowerSpritz",
				"PowerTask",
				"Preft",
				"ProcDump",
				"Proxysvc",
				"PuTTY Link",
				"QUICKRIDE",
				"QUICKRIDE.POWER",
				"Quickcafe",
				"QuiteRAT",
				"R-C1",
				"ROptimizer",
				"Ratabanka",
				"RatabankaPOS",
				"Ratankba",
				"RatankbaPOS",
				"RawDisk",
				"RedShawl",
				"Rifdoor",
				"Rising Sun",
				"Romeo-CoreOne",
				"RomeoAlfa",
				"RomeoBravo",
				"RomeoCharlie",
				"RomeoCore",
				"RomeoDelta",
				"RomeoEcho",
				"RomeoFoxtrot",
				"RomeoGolf",
				"RomeoHotel",
				"RomeoMike",
				"RomeoNovember",
				"RomeoWhiskey",
				"Romeos",
				"RustBucket",
				"SHADYCAT",
				"SHARPKNOT",
				"SIGFLIP",
				"SIMPLESEA",
				"SLICKSHOES",
				"SORRYBRUTE",
				"SUDDENICON",
				"SUGARLOADER",
				"SheepRAT",
				"SierraAlfa",
				"SierraBravo",
				"SierraCharlie",
				"SierraJuliett-MikeOne",
				"SierraJuliett-MikeTwo",
				"SimpleTea",
				"SimplexTea",
				"SmallTiger",
				"Stunnel",
				"TAINTEDSCRIBE",
				"TAXHAUL",
				"TFlower",
				"TOUCHKEY",
				"TOUCHMOVE",
				"TOUCHSHIFT",
				"TOUCHSHOT",
				"TWOPENCE",
				"TYPEFRAME",
				"Tdrop",
				"Tdrop2",
				"ThreatNeedle",
				"Tiger RAT",
				"TigerRAT",
				"Trojan Manuscript",
				"Troy",
				"TroyRAT",
				"VEILEDSIGNAL",
				"VHD",
				"VHD Ransomware",
				"VIVACIOUSGIFT",
				"VSingle",
				"ValeforBeta",
				"Volgmer",
				"Vyveva",
				"W1_RAT",
				"Wana Decrypt0r",
				"WanaCry",
				"WanaCrypt",
				"WanaCrypt0r",
				"WannaCry",
				"WannaCrypt",
				"WannaCryptor",
				"WbBot",
				"Wcry",
				"Win32/KillDisk.NBB",
				"Win32/KillDisk.NBC",
				"Win32/KillDisk.NBD",
				"Win32/KillDisk.NBH",
				"Win32/KillDisk.NBI",
				"WinorDLL64",
				"Winsec",
				"WolfRAT",
				"Wormhole",
				"YamaBot",
				"Yort",
				"ZetaNile",
				"concealment_troy",
				"http_troy",
				"httpdr0pper",
				"httpdropper",
				"klovbot",
				"sRDI"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775441550,
	"ts_updated_at": 1775792299,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6d128e3974e14636963b7fcc71493641859d52eb.pdf",
		"text": "https://archive.orkl.eu/6d128e3974e14636963b7fcc71493641859d52eb.txt",
		"img": "https://archive.orkl.eu/6d128e3974e14636963b7fcc71493641859d52eb.jpg"
	}
}