{
	"id": "57b9ad00-e6fd-4c5f-9252-b269615e5906",
	"created_at": "2026-04-06T00:21:24.993299Z",
	"updated_at": "2026-04-10T03:20:29.512294Z",
	"deleted_at": null,
	"sha1_hash": "7e94ef1b1008dba580d42220fce8874171a07b0c",
	"title": "Koadic (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28712,
	"plain_text": "Koadic (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 17:24:30 UTC\r\nKoadic is an open-source post-exploitation framework for Windows, created by zerosum0x0 and available on\r\nGitHub. The framework is written in Python and can generate JScript and VBScript payloads which can be written\r\nto disk or mapped directly into memory. Its capabilities include remote desktop access, command execution,\r\nlateral movement via SMB, file transfer, credential theft using Mimikatz, port scanning, and system information\r\ncollection. It can also collect specific system information and targeted files based on their name or extension.\r\n[TLP:WHITE] win_koadic_auto (20251219 | Detects win.koadic.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.koadic",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.koadic"
	],
	"report_names": [
		"win.koadic"
	],
	"threat_actors": [],
	"ts_created_at": 1775434884,
	"ts_updated_at": 1775791229,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7e94ef1b1008dba580d42220fce8874171a07b0c.pdf",
		"text": "https://archive.orkl.eu/7e94ef1b1008dba580d42220fce8874171a07b0c.txt",
		"img": "https://archive.orkl.eu/7e94ef1b1008dba580d42220fce8874171a07b0c.jpg"
	}
}