{
	"id": "673a31df-9f0e-4081-a871-f114aa5f1ec6",
	"created_at": "2026-04-06T00:10:20.506361Z",
	"updated_at": "2026-04-10T03:38:20.034134Z",
	"deleted_at": null,
	"sha1_hash": "843cdcc1b7e6380ed0606be92bede6f4a7d32564",
	"title": "WastedLocker (2020/08/16) - IoC (TT Malware Log)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 669190,
	"plain_text": "IoC (TT Malware Log)\r\nMalware IoC (Indicator) information\r\n** Caution ** Malware expert site\r\nFQDN, URL, IP address etc. are posted as they are\r\nWastedLocker (2020/08/16)\r\n2020-08-16\r\nMalware: WastedLocker (Ransomware)\r\n[Indicator information]\r\n■ Hash information (Sha256) - WastedLocker\r\n(The above hash information is from UNIT42 (Paloalto); source: https://pan-unit42.github.io/playbook_viewer/?pb=wastedlocker-ransomware )\r\n[Search]\r\ngoogle: WastedLocker\r\ngoogle:news: WastedLocker\r\ngoogle: 
ffab63f7037817aa5f7f627c3b31b8ba8e9ded16e0c07044d477110978dab519\r\n【VT検索】\r\nhttps://www.virustotal.com/gui/file/0020227fd2d776c7dc1b29d78383792cc73390abc8cf9\r\n83069f655838bae79c2\r\nhttps://www.virustotal.com/gui/file/00be911b180e7c0693f746bd7c2ecb4846e3e7704421\r\n4c585d3bbba2fced618f\r\nhttps://www.virustotal.com/gui/file/00e55499c1fce017d25e27201f2919502797180264ef6\r\n7a6bc8da2f0b6fe89ac\r\nhttps://www.virustotal.com/gui/file/034ec5eb976e5243aa7df416b3657a0f84cf28dfdfa896\r\nac9f627631d64171d7\r\nhttps://www.virustotal.com/gui/file/038563215659a42d6d5b1009756716d969105e1f8515\r\n5d9d1a6ff4c4d691fb3b\r\nhttps://www.virustotal.com/gui/file/05a9ee3b90da5fcc6c4bb888125d00f36a150eb271f95\r\n6793ef1d74cf57d1493\r\nhttps://www.virustotal.com/gui/file/05e8b6895b8e332f0a5cd5cd8924f24259d2a07bd06ac\r\n8024e13e4ff1960b002\r\nhttps://www.virustotal.com/gui/file/061bdbf149adb99d3187ca21b6516ec0144711142bb7\r\nb97ee663261d9efe7560\r\nhttps://www.virustotal.com/gui/file/0840ac2be80386f26506916419dd46211ba4ae8db797\r\ne36b519945980d3d34f3\r\nhttps://www.virustotal.com/gui/file/08c2a598370400b6ae2e821bca121ef1ae2109c63ea5\r\n47f972c0ccc281bf958e\r\nhttps://www.virustotal.com/gui/file/0cbc11499a01fc3e712f30f5ce0ffa88d23f490846c1a4c\r\ne0e7f5812af12edcc\r\nhttps://www.virustotal.com/gui/file/0e0832d0970cc95d1ce326a8d59068cf5757b6720ef2f\r\n89411eafcb077117b32\r\nhttps://www.virustotal.com/gui/file/0e684b25abfe57646e5176ff7d139019de00deb105498\r\n4ba6a692c12abb15ca7\r\nhttps://www.virustotal.com/gui/file/1150850a7cc92b753cc9f51db547ea675f177ce290652\r\n368599a49cfa2826d34\r\nhttps://www.virustotal.com/gui/file/1346085caf84eedcd8437b31b6549aa3a5f88b168efc1\r\n65b67acde907d2ee691\r\nhttps://www.virustotal.com/gui/file/13f0cf420ca489ddf33ee7551251c27e0b80aeabb77c0\r\n82d164ceb3620ea89c7\r\nhttps://www.virustotal.com/gui/file/14c46c371127b3025ab7ee242f5f0b4e9397a39471004\r\nhttps://ioc.hatenablog.com/entry/2020/08/16/132853\r\nPage 9 of 17\n\nMalware: XtremeRAT (2)\r\nMalware: 
XXMM / Wali /\r\nShadowWalker / ShadowWali\r\n(RAT) (8)\r\nMalware: Yalink (1)\r\nMalware: YamaBot (1)\r\nMalware: Zbot (8)\r\nMalware: Zegost (3)\r\nMalware: ZeroAccess (8)\r\nMalware: Zeus (1)\r\nMalware: Zloader (1)\r\nMalware: Zusy (6)\r\nMutex (1)\r\nOperation: Cloud Hopper (2)\r\nOperation: Deputy Dog (2)\r\nOperation: Double Tap (1)\r\nOperation: ENDTRADE (1)\r\nOperation: LagTime IT (1)\r\nRansomware: Ranion (1)\r\nRansomware: Snatch (1)\r\nRansomware: WannaCry (1)\r\nYara Rule (3)\r\nアプリ: Jenkins (1)\r\nインシデント: 3·20電算大乱 /\r\n2013年韓国サイバー攻撃 (1)\r\nインシデント: Kaseya (1)\r\nスパムメール (1)\r\nセキュリティ企業: Kaspersky (1)\r\nセキュリティ企業: Trendmicro (3)\r\nセクストーション (1)\r\nツール: AceHash (1)\r\nツール: Ammyy Admin (1)\r\nツール: HTran (1)\r\nツール: MIMIKATZ (2)\r\nツール: Netcat (1)\r\nツール: PoshC2 (1)\r\nツール: PowerShell Empire (1)\r\nツール: RADMIN (1)\r\nツール: WCE (1)\r\nフィッシング (6)\r\nポリモーフィック型マルウエア\r\n(1)\r\nマルウェア種別: IoC (1)\r\nマルウェア種別: WebShell (1)\r\n657f247722e3b9d9951\r\nhttps://www.virustotal.com/gui/file/17652ca0a0674f3d33aadc5fc8aa83281a4c504a63b5a\r\n2b45a7ff06bf8db776a\r\nhttps://www.virustotal.com/gui/file/1858d80f6fdfc6ff796357d49d7c453a7cf17583dcc8d2d\r\n0c5be8a1695ad20f5\r\nhttps://www.virustotal.com/gui/file/189341461b49056358fe3b5d20558dc132d83fca43560\r\nac96dccce5994fdd0c6\r\nhttps://www.virustotal.com/gui/file/191f0099acaa6ae47654d43c94f40946301fe4684c629\r\n1e3a8b61f83d7fec948\r\nhttps://www.virustotal.com/gui/file/1ae6f7888789d427431fd69bd79a0059a6d1faee77a27\r\n1c0678f31b417a4dc87\r\nhttps://www.virustotal.com/gui/file/1b03c872c85b00b2ef2e2f9e5e3f85b703ee2190374d8\r\naaba4da065f54efd21f\r\nhttps://www.virustotal.com/gui/file/1b1b50285f7653c3e8e2190db2c3801ecaf1a1168f30fc\r\n38665f2715397c809b\r\nhttps://www.virustotal.com/gui/file/1c79ec0d27c6f554eb2385b3a22c8d14c8443706de9bc\r\n8db77384b5fdd01007d\r\nhttps://www.virustotal.com/gui/file/1dc737669cdc997dc3f43cbc2e38d31914610a348a746\r\n6d5106490df5fcb29ba\r\nhttps://www.virustotal.com/gui/file/2334c93c4f6ae3d370a8e7ad57c72e6
7d950b2842360\r\n105d3074a3fdbcea6e6c\r\nhttps://www.virustotal.com/gui/file/241aab6bbfb5fe9294dd227b5834fc3837fc5c2a5cbccd\r\n3f66ca959052bd3b2e\r\nhttps://www.virustotal.com/gui/file/26dfeae63654feb8fe8c70f9d6fc87d748e3a302cf1262\r\n10b38338bd5ed68fcc\r\nhttps://www.virustotal.com/gui/file/284c097b60e2e3cc65ae4047df57be15c0c9ee87e554c\r\n841b63e26bc7b0febbf\r\nhttps://www.virustotal.com/gui/file/288ffd4ceba91bcc4a95036014f7a7615911b12f88f03d\r\nb8d70c47bf3db8f0d4\r\nhttps://www.virustotal.com/gui/file/289a5876bae1f28fd3817a7fc010e2dc2205372c0eeb9\r\n57dcce009fa10b57bd9\r\nhttps://www.virustotal.com/gui/file/2bfdac333098b55eb4c9b65f2a6da758c2990338c39f1\r\na4ba552ea4b34a9b742\r\nhttps://www.virustotal.com/gui/file/2c8de9f78d25ec81d0408dea82a5e449f68c9cc9ffc8cc\r\na68efbbbddb9b7edda\r\nhttps://www.virustotal.com/gui/file/2cd386577165e39c36f5274488f6796b0e0634c33d42a\r\n9bbb432f58dc1096d60\r\nhttps://www.virustotal.com/gui/file/30a6e295d616c9c7a638530f4fcc4fc82c5496c8f69811\r\neaf0df42904c2fd3b9\r\nhttps://www.virustotal.com/gui/file/314e16b5713ca7e8604d07a3e0058f46ebc373896ae0\r\nc19abae6a624908c2f68\r\nhttps://www.virustotal.com/gui/file/34c40cee6ec17b6b76249bea42dab11380310df0bb5f1\r\nfd687be5648025cf887\r\nhttps://www.virustotal.com/gui/file/35a6d3b91260ed94efca4566b5bcb123af0c6a06d11dc\r\n573b8a3788104350895\r\nhttps://www.virustotal.com/gui/file/36cdac5b539227bc6dc88842bbe351478662ef6118b91\r\nhttps://ioc.hatenablog.com/entry/2020/08/16/132853\r\nPage 10 of 17\n\nマルウェア種別: キーロガー (1)\r\nメールアドレス (1)\r\n偽装手法: Heaven's Gate (1)\r\n偽装手法: Process Hollowing (1)\r\n偽装技術: ステガノグラフィ /\r\nSteganography (1)\r\n国: ロシア (1)\r\n国: 北朝鮮 (2)\r\n攻撃手法: Roaming Mantis (1)\r\n攻撃組織: Ammyy Admin (1)\r\n攻撃組織: APT10 / Menupass /\r\nStone Panda / Red Apollo / CVNX\r\n/ POTASSIUM (9)\r\n攻撃組織: APT27 / Emissary\r\nPanda / Bronze Union / TG-3390\r\n/ ZipToken / ARCHERFISH / Iron\r\nTiger (2)\r\n攻撃組織: APT28 / Sofacy /\r\nSednit / Fancy Bear / Tsar Team\r\n/ Strontium / Pawn Storm (4)\r\n攻撃組織: 
APT29 (2)\r\n攻撃組織: APT3 / UPS / Gothic\r\nPanda / Clandestine Fox / TG-0110 / Buckeye / Group 6 /\r\nBoyusec / Templar (1)\r\n攻撃組織: APT32 / OceanLotus\r\nGroup / APT-C-00 / SeaLotus (3)\r\n攻撃組織: APT34 / OilRig /\r\nPipefish / Greenbug / Helix\r\nKitten / Chafer / Chrysene /\r\nCrambus / Cobalt Gyp (6)\r\n攻撃組織: APT38 / Stardust\r\nChollima / (Temp.Hermit) (1)\r\n攻撃組織: APT40 / Leviathan /\r\nTEMP.Periscope / TEMP.Jumper\r\n(1)\r\n攻撃組織: BlackTech (4)\r\n攻撃組織: Cloud Atlas (1)\r\n攻撃組織: Crafty Panda (1)\r\n攻撃組織: DarkHotel (1)\r\n攻撃組織: DragonOK (1)\r\n攻撃組織: Exotic Lily (1)\r\n攻撃組織: Fin6 / ITG08 (2)\r\n攻撃組織: GOLD (1)\r\n攻撃組織: Higaisia (1)\r\n攻撃組織: Lazarus / Hidden\r\nCobra / Dark Seoul / Labyrinth\r\nChollima/ Group 77 / Hastati\r\nGroup (5)\r\n45dec62aabd2c47c9c8\r\nhttps://www.virustotal.com/gui/file/36d6f04bbb409bc6e74cf4d8bbc11f250789cb2de14e2\r\n43ffe891b0f75145549\r\nhttps://www.virustotal.com/gui/file/38d3d9aabcba1130937b16b3661adea027d8a02ff9756\r\nc91c8cbfbb6a24f790e\r\nhttps://www.virustotal.com/gui/file/39ea5c8bdf1f5c3345de71b78e9894081559c5b907205\r\n42b3ef3afe8432b1a4f\r\nhttps://www.virustotal.com/gui/file/3b467fc5992d420c5ffdb029a7ad167a5cfabba251746f\r\n96414542f4bc7a4434\r\nhttps://www.virustotal.com/gui/file/3c6ddfec710fdc626eaedf335ef0d5e062b58bf2018c07\r\ncc4f86957dce84b15b\r\nhttps://www.virustotal.com/gui/file/3ce5510452f63e74f339c80c98dd358cb266952f0184d\r\nb0bebf9b2621a81b32e\r\nhttps://www.virustotal.com/gui/file/3cf9f70a28656cb3d6c0ab960f89df9b2b5939e930edb8\r\ne11d46b2560ab460cd\r\nhttps://www.virustotal.com/gui/file/3e3b419541631e4f0d123993a1df52d49f3d2b9a484af\r\n44f5e302b3b4a58cc10\r\nhttps://www.virustotal.com/gui/file/40876cec2391304003e3792afd49b8c41981da0d8629\r\nb3edb7b7dd42dbf16e45\r\nhttps://www.virustotal.com/gui/file/4212be38eea8207fc0a3239a129af434b3b5bec2554a6\r\n2838e38cfabffb9ce19\r\nhttps://www.virustotal.com/gui/file/42807830ede9edc495c8632210c8d7516c2b5f0e0d766\r\ne0a150f73dad9287e0c\r\nhttps://www.virustotal.com/gui/file/45d611
f352993041e3da849597e9411f2d6682a65d6f3\r\n24a474d4ad2b409cb3f\r\nhttps://www.virustotal.com/gui/file/47aecefb1b8c20d1ac705581fb84331aa96bac0ba11a9\r\ndd9dcb3afe782d662d3\r\nhttps://www.virustotal.com/gui/file/49fec94faae5ec209c8ab143088d8a2bc5359e71d1480\r\n6ac035071c90c120d05\r\nhttps://www.virustotal.com/gui/file/4a1457a6589c201dd79c49e0a0d19b3b742c7ec9eb87\r\n03ee998fcfcbed118f10\r\nhttps://www.virustotal.com/gui/file/4d0ba946c29c97ca509b86ea952c284de0c3ba200185\r\n70c16a2c39f82a36f19d\r\nhttps://www.virustotal.com/gui/file/4df28f81d5c9e84d96137ff0a24c9902589af1f1207424\r\n41ed49e68e601b9d87\r\nhttps://www.virustotal.com/gui/file/52a8a9afe1637e8faa39894d4b7ec8857aadec8c63146\r\n9a982d5d0860a6f3511\r\nhttps://www.virustotal.com/gui/file/54c8ff32e714a1160235683a26bbf9cbaa267a45e20fa\r\n34544e9b9b3b2753cfc\r\nhttps://www.virustotal.com/gui/file/55cbedf65b3c49c4fd456beb9ba25b9e770d93a51fd30\r\n3f15727b35d33b1cb9e\r\nhttps://www.virustotal.com/gui/file/593fc97f711838ebfc63823ebb1dca6278dc9a5fb4a209\r\na3bcb0c664dfccdd06\r\nhttps://www.virustotal.com/gui/file/5a4a7e37686388fe6f887021e16ee2226a27263c329f9\r\n8d1501426a8d7152630\r\nhttps://www.virustotal.com/gui/file/5b1a2c9072623434e5fa9147359ce67ea0ffd1f16ebcef\r\nhttps://ioc.hatenablog.com/entry/2020/08/16/132853\r\nPage 11 of 17\n\n攻撃組織: Lyceum / Hexane (1)\r\n攻撃組織: Mustang Panda (1)\r\n攻撃組織: Nickel (1)\r\n攻撃組織: Pitty Panda / Pitty\r\nTiger (1)\r\n攻撃組織: Sandworm /\r\nBlackEnergy / TeleBots / Voodoo\r\nBear (2)\r\n攻撃組織: Sodinokibi / REvil (1)\r\n攻撃組織: SWEED (2)\r\n攻撃組織: TA505 (4)\r\n攻撃組織: Taidoor (3)\r\n攻撃組織: Tick / Bronze Butler /\r\nNCPH / RedBaldKnight / The\r\nBald Knight Rises (38)\r\n攻撃組織: Tropic Trooper (1)\r\n攻撃組織: Winnti / APT41 /\r\nBlackfly / Suckfly / (Axiom) /\r\n(Group 72) (8)\r\n未対応 (9)\r\n脅迫サイト (1)\r\n脆弱性: CVE-2021-30116 (1)\r\n脆弱性: Exchange Server (2)\r\n脆弱性: ProxyLogon (3)\r\n資料: 1 週間における脅威のまと\r\nめ 
(8)\r\nc56670485f76084390\r\nhttps://www.virustotal.com/gui/file/5c0a052e9ffe8afaac94b01172fc79ae35567a2f54522f\r\n3af012bc3927c63276\r\nhttps://www.virustotal.com/gui/file/5cd04805f9753ca08b82e88c27bf5426d1d356bb26b28\r\n1885573051048911367\r\nhttps://www.virustotal.com/gui/file/5d282476a27409c1eaa8d68f46bcc69f3027840a87a16\r\n159c25c0e49e87d8f9a\r\nhttps://www.virustotal.com/gui/file/5d6920e744d44a0ed95b0e6dfb6daf1953a2b3ac288c9\r\n821d77455584229338f\r\nhttps://www.virustotal.com/gui/file/5eb57802b26631c22ed4ebe9f252cd22822a04a2f28a5\r\n94aaf4bc4887d33caf5\r\nhttps://www.virustotal.com/gui/file/5f30f3669e954b028b8aaabd84449bf1ddec5ca25b9ca\r\n6308fc6b68dc131fe57\r\nhttps://www.virustotal.com/gui/file/61099171f2bce433e2a8cdb1d24811cc2f6c01b8d9f08f\r\n66f5023c97306aa9ca\r\nhttps://www.virustotal.com/gui/file/6215316b10db41cf8ed697605074fdf59fd5967e98c62f\r\n03476d845ca46ff69e\r\nhttps://www.virustotal.com/gui/file/631c71d88a3d0fdfbb22ed393eddc78276c0b4abc85e2\r\nd0163b4edd603306fd6\r\nhttps://www.virustotal.com/gui/file/6515a4b8f5447a644dd7c741ab062ac59b1b34bd1064\r\n435e0f43d282bd70e4d4\r\nhttps://www.virustotal.com/gui/file/67e554dda076f496727b9b08b7982f03e803533bdefb0\r\nb62c8562dc80bd3aa78\r\nhttps://www.virustotal.com/gui/file/6d35b01dbe014c6efc18d587c2be5e12617e1681cc670\r\nba5c49fe7ead9de780e\r\nhttps://www.virustotal.com/gui/file/6e44875045594d2f22da11544c49336f6a242a1ad3e8e\r\naeaf025cd61fb9e168a\r\nhttps://www.virustotal.com/gui/file/6ee2884c7dfcf85030e4c26e68b3d65a6a8dd3b502f89\r\n5938fca86653bfa171e\r\nhttps://www.virustotal.com/gui/file/733e4c6232b380c449dc906b60f5f15d29c9d49c3912a\r\n173eff15cfb6232b383\r\nhttps://www.virustotal.com/gui/file/736657779bfe8a99b9f75e8aabb3d517427cf9f2ae18d\r\n5f0461fe0d3fbf50145\r\nhttps://www.virustotal.com/gui/file/73a3d35902745b2b3e46efa884f711f6aa490a7961105\r\ned1d735ac0878fe8b26\r\nhttps://www.virustotal.com/gui/file/73afcfba2476ad0de83a180a50e169878c070f8ee17c7\r\n2d0c8360706dcd32cd4\r\nhttps://www.virustotal.com/
gui/file/740e254bf1030441581a1a90b84a34f770dc5ddacfc26f\r\n2bdcc21d1e1adf4117\r\nhttps://www.virustotal.com/gui/file/7861cf7ec016aeda6db3472bf572d50c377400c2c59ba\r\n0b37705569c95510f09\r\nhttps://www.virustotal.com/gui/file/7a45a4ae68992e5be784b4a6da7acd98dc28281fe238f\r\n22c1f7c1d85a90d144a\r\nhttps://www.virustotal.com/gui/file/7b6c382fd85e740ac83d88804b713bec5cccf42cb5ac5\r\n5bc909d85d02a078921\r\nhttps://www.virustotal.com/gui/file/7bdf7c6ed58ab59b872e41a1da6c548c5a150546841c2\r\nhttps://ioc.hatenablog.com/entry/2020/08/16/132853\r\nPage 12 of 17\n\nf9179b242e112a05390\r\nhttps://www.virustotal.com/gui/file/7c55d7753e22562c77d1d20e48293a233d9fbf84a654a\r\n0236f3edb3491809219\r\nhttps://www.virustotal.com/gui/file/81cb83ad3095554ea36932e5c8ae2b96d013a19dadeb\r\n56e9f11ecba8eb804591\r\nhttps://www.virustotal.com/gui/file/8279ff428765065945ffcc854c7b89f1449bcab42a7f41c\r\n9a8db98fb23104981\r\nhttps://www.virustotal.com/gui/file/82f3d67830c3680b71059c04002f6a0ae0f20e82dd99b\r\nf877f37e753f1756eab\r\nhttps://www.virustotal.com/gui/file/85f391ecd480711401f6da2f371156f995dd5cff7580f37\r\n791e79e62b91fd9eb\r\nhttps://www.virustotal.com/gui/file/877fd840276394386ef9f1efe989cf5d95533c15229f2a\r\n5b4aa25fbefe553ba3\r\nhttps://www.virustotal.com/gui/file/887aac61771af200f7e58bf0d02cb96d9befa11deda4e\r\n448f0a700ccb186ce9d\r\nhttps://www.virustotal.com/gui/file/8897db876553f942b2eb4005f8475a232bafb82a50ca7\r\n761a621842e894a3d80\r\nhttps://www.virustotal.com/gui/file/89355cdc3fd592b2630764290edb340ba0c24b69d822\r\n31b4c444f098080b53f7\r\nhttps://www.virustotal.com/gui/file/8b04f39738a58cb4a46a13b50dcead651e1cc1a0e23ca\r\nf8adf00bc6d3e6ba684\r\nhttps://www.virustotal.com/gui/file/8e8e911906e2881dab603fb446c1ca98eb989e4b1a93\r\n3496b3c49e64e3d34d33\r\nhttps://www.virustotal.com/gui/file/8ed034f6b236f254e1f5f49e900398ff4c6b9a7914ce70f\r\nb0e29ef5a2b0799e1\r\nhttps://www.virustotal.com/gui/file/8f18111a4d45ecbcaa5d409afda01bff59a335f6e92895\r\nd3422f21465e6e070e\r\nhttps://www.
virustotal.com/gui/file/90221dec6d92d6f76af0240d3968a8503e821955d3cc3\r\nacf30527bc8f2a65e9c\r\nhttps://www.virustotal.com/gui/file/9056ec1ee8d1b0124110e9798700e473fb7c31bc0656\r\nd9fc83ed0ac241746064\r\nhttps://www.virustotal.com/gui/file/905ea119ad8d3e54cd228c458a1b5681abc1f35df7829\r\n77a23812ec4efa0288a\r\nhttps://www.virustotal.com/gui/file/90d8e358f27ff85b40b5cee46d636d5390b868ffc05d06\r\n8a36b29f2dce6c62f6\r\nhttps://www.virustotal.com/gui/file/912c405cf9506288c18984f92d66f1fd263b999c2f4a34\r\n6a8e133dcb846560f9\r\nhttps://www.virustotal.com/gui/file/92b79542921cab76d001d785dceb5c4f55cfa9d3a51cb\r\nc99a3e2db1cce4892e6\r\nhttps://www.virustotal.com/gui/file/94e17b0d20a458b997a43d6c5aaee62454e116808057\r\n4c5e472cf152046d7540\r\nhttps://www.virustotal.com/gui/file/9551700ba4099618b7d89e375f508ce1dcf8c98383180\r\n17ddbe081c0cf0b4693\r\nhttps://www.virustotal.com/gui/file/95658de9198378e20deb453fc888083864ea189ccd87\r\n653a14e2c39c524e3d84\r\nhttps://www.virustotal.com/gui/file/96c6e2936ffc2797d86feaa19c912898e77dcb392df980\r\nhttps://ioc.hatenablog.com/entry/2020/08/16/132853\r\nPage 13 of 
17\n\n8ed4a135f6cee99664\r\nhttps://www.virustotal.com/gui/file/97a1e14988672f7381d54e70785994ed45c2efe3da37e\r\n07be251a627f25078a7\r\nhttps://www.virustotal.com/gui/file/9b06c7ce8c21e3439650d0d6478f7ba35a63a61efe974\r\n96c8258963fb88181a2\r\nhttps://www.virustotal.com/gui/file/9d5416ae461d9c4bef4e674aee34bee263261e734d22\r\nc8c0053d37d5b3aba56c\r\nhttps://www.virustotal.com/gui/file/a1849335f5a9d185c514f1b963de6c9599e375046292e\r\n07feb6fec30e26a4c54\r\nhttps://www.virustotal.com/gui/file/a5d3b330150b5de4e2d484fefe7cbbcf0273aa5f043c3d\r\n54c83437785e6af1d5\r\nhttps://www.virustotal.com/gui/file/a63d0089053e761e518698ef6cfad7cf480dd23a93681\r\n2a23bded97279516b91\r\nhttps://www.virustotal.com/gui/file/a8fa11b8402bcdcf1c6cae98dba90568fdf734ba4b083d\r\n68566b5adfa66c8327\r\nhttps://www.virustotal.com/gui/file/aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12\r\ncaeaf531c9dca129772\r\nhttps://www.virustotal.com/gui/file/abf625d0b4fc46a57d102a460d08f948203abb18bd8fc\r\n6b349f724825deafb32\r\nhttps://www.virustotal.com/gui/file/ae255679f487e2e9075ffd5e8c7836dd425229c1e3bd4\r\n0cfc46fbbceceec7cf4\r\nhttps://www.virustotal.com/gui/file/afa42b2f92b076e1dae6257e27bd6cfeb2102fbe3da56\r\n9f233bd6b85c0f88b8d\r\nhttps://www.virustotal.com/gui/file/afe70907f37be1fa8285e5c2e9caa99d552c715244e73\r\n1d17f681307b8515971\r\nhttps://www.virustotal.com/gui/file/b0fd99793eb891f89de6b4757d10c8c58d3ee6e8139e2\r\nb594ac9f1116868f8ed\r\nhttps://www.virustotal.com/gui/file/b1a0dcd29e184b3d71cf201ee04db44316390d6d45b3f\r\n13719dfad26a204498c\r\nhttps://www.virustotal.com/gui/file/b26917a47ce0c19deae73f23bd8f26f6ee8ea0c307590\r\ne9d2b7a42aa9ddee297\r\nhttps://www.virustotal.com/gui/file/b3392097a9028ec52686eee61e68a2431d2234e4453e\r\n7a08b9105b12e1053c12\r\nhttps://www.virustotal.com/gui/file/b349848b0357abd4be79b456e1019305c5105892eab7\r\n68b85bc89da1932f3d22\r\nhttps://www.virustotal.com/gui/file/b3955a0deb80e5bc5baed0002d7e2761e1b0d5165f02\r\n134ad7ee1151f91424bd\r\nhttps://www.virustotal.com/g
ui/file/b4df0635436d46418aa93aa72244ab8090463611132d\r\n7804decfbc2fa1eff047\r\nhttps://www.virustotal.com/gui/file/b4f397035d5d1c02011df84bc8a3fd9e3beea02808bd3\r\nf40335a2b8be50b114a\r\nhttps://www.virustotal.com/gui/file/b70df428c04e69f3ac3aab97c93ca327eeff91005fc9a6\r\nb4a824caaae2df5f88\r\nhttps://www.virustotal.com/gui/file/b73583872a08cfd1d301024fc4a64e4cba9a88a441308\r\n9fb1ee04257a9723e91\r\nhttps://www.virustotal.com/gui/file/b935a4e4b589adb6cfffd67ae9400caef9f8e087a5943a\r\nhttps://ioc.hatenablog.com/entry/2020/08/16/132853\r\nPage 14 of 17\n\n5feaec21361693c606\r\nhttps://www.virustotal.com/gui/file/b94ba37e5956e4880d7bcc1ff93419e73771416980f54\r\nb221e16701660e5571a\r\nhttps://www.virustotal.com/gui/file/bad14e9954f35a8274869047146a6150b354bf917f6a5\r\n5d5ff9698c6c87cd83e\r\nhttps://www.virustotal.com/gui/file/bcd670fa6c4c943b3b4375d833adf8e0cc909ca98fb0c9\r\n3414288e27dd80c2fa\r\nhttps://www.virustotal.com/gui/file/bcdac1a2b67e2b47f8129814dca3bcf7d55404757eb09\r\nf1c3103f57da3153ec8\r\nhttps://www.virustotal.com/gui/file/bcddb155313a76b05e4758c6071c3ff26b3c383d705c9\r\n0c0015f68e7d11f504d\r\nhttps://www.virustotal.com/gui/file/be7acff64e95605852c4a9a7be7d013e37d3975f59b2b\r\nad1381e1ef0f2fd0693\r\nhttps://www.virustotal.com/gui/file/c1e90b1028c33a8296090bb4b280167b2af2bbe13a65\r\n05f0efa72fbaf47d6610\r\nhttps://www.virustotal.com/gui/file/c5e591eb216820efc4887b2b2e2f956937e9aeb642257\r\n7f4710cd1d73709bf14\r\nhttps://www.virustotal.com/gui/file/c9ad39666e0325af0db6ad5ceba49426989f1b79a1c7e\r\n948fd721041ea403b8b\r\nhttps://www.virustotal.com/gui/file/cbbc0a5e557785549766d538fe3bc1625b91b40fa74b9\r\n10a7e654abc7d0ed7cf\r\nhttps://www.virustotal.com/gui/file/cd04bf5e9383f717975e4b2e901d04782c9cab00099a5\r\nad06a8a9429bd4cf9a5\r\nhttps://www.virustotal.com/gui/file/ce2b122a1204a1ab7effb52e7008661951bf192a1f184f\r\ne549a8bc09ee0df76e\r\nhttps://www.virustotal.com/gui/file/cf7734c8606a472aa2dbd38a74a60dff4e8a5d00b05eb\r\n850de535a7019cc9904\r\nhttps://www.v
irustotal.com/gui/file/cfe3628d6bd279b2d43dcf8e7d3898893ea24fd2bf757f\r\nc51b764c0393b45976\r\nhttps://www.virustotal.com/gui/file/d0679c245e7fdc321f10aed472d7dd41cc13cbad9adbc\r\nceab1e378f61b02612d\r\nhttps://www.virustotal.com/gui/file/d0759bb3342894677588eef9affe52779f1563cc8b5ee\r\n1c58ffe3f0360dab5aa\r\nhttps://www.virustotal.com/gui/file/d3705a1fd6c1736aeabcae24bc6d247e6bcbe2168523b\r\n9788a22714fb165bfec\r\nhttps://www.virustotal.com/gui/file/d6020b5e4a6dc0df5f6b1b38b5912ac5a623224cd1c64\r\na934c678e1a88fc8c38\r\nhttps://www.virustotal.com/gui/file/d83a6cddf932d129f49b871d8a42f8b1a885cbdc8ae3f4\r\n4b215d409d8f7eaf05\r\nhttps://www.virustotal.com/gui/file/d8cdf823efe1bd2ec019bd32890d40b34695cbf7ce9e0\r\nb7780e96f7d32b5b4fc\r\nhttps://www.virustotal.com/gui/file/d9717e971ac44f6233b3f5854f9b264040250aa39d74b\r\nfa227a4b4602b6eb832\r\nhttps://www.virustotal.com/gui/file/dab5af9b9a633ac329e40522341579a3ad6511ef293c1\r\nb6ce0274883af9fb9c9\r\nhttps://www.virustotal.com/gui/file/db42110a03f606bf9196297933c9e0f5fed4a293d98ad\r\nhttps://ioc.hatenablog.com/entry/2020/08/16/132853\r\nPage 15 of 
17\n\n3b47dc981a7da480f06\r\nhttps://www.virustotal.com/gui/file/df068eb71951ff0950fbbc0595540818dd63d490e8f8ed\r\ne46185ee75f20b0a72\r\nhttps://www.virustotal.com/gui/file/e14257ac1f2ef19a21c7ef60c29b6dce9f63d198746d59\r\n046198fa254d9d3a54\r\nhttps://www.virustotal.com/gui/file/e2431e102d6ac41f91216e4a8b2bd93a126cd6988254\r\n406fcdd95340e3a0a219\r\nhttps://www.virustotal.com/gui/file/e38ae05677ea8137a432307214816e0c17fe22e42c2c\r\n4279e89d5019a4599acd\r\nhttps://www.virustotal.com/gui/file/e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7\r\nc98af9dae992222a8eb\r\nhttps://www.virustotal.com/gui/file/e44ba11de9be266b5a09e7159fa7783f1cf0b8a271439\r\n9402a215425e37a1cc9\r\nhttps://www.virustotal.com/gui/file/e492d2f1c8d718a8ac06f15f3e21e1434d0ee1889c0b4\r\n023901bf5cc680668e8\r\nhttps://www.virustotal.com/gui/file/e53da3060cb4574af7b763dea1f401f5180cda9d429e5\r\ndf06b6a5d944829d4ff\r\nhttps://www.virustotal.com/gui/file/e69c70c23563cfc4eb975611bac2514e7210dacd24fa0\r\n7236856261d797ba05c\r\nhttps://www.virustotal.com/gui/file/e96c47a7540c87778af38934d6c0a35a68d83fb1da80b\r\n9499480b7a8ffbdf5ed\r\nhttps://www.virustotal.com/gui/file/eb557f64f52a6090a65c5415e47f4e99b0cb8fb9938d3\r\n1863954ce84883fe730\r\nhttps://www.virustotal.com/gui/file/ec1674ec04b9b12378198526546a43a19ad3720f5a57\r\nb9b420386a17cc0f8983\r\nhttps://www.virustotal.com/gui/file/ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb\r\n613e203c590897079b3\r\nhttps://www.virustotal.com/gui/file/ed1dcf691183d593451e02d1e1b5ee8f1315b472efb99\r\n55f0a0158134dec29f4\r\nhttps://www.virustotal.com/gui/file/ef4a97b17c24569454cd9d28a37fb7acdf947e6067052\r\nda6ec3ae40d8ce48a01\r\nhttps://www.virustotal.com/gui/file/ef7a9166c63d90cd5a4c5c58cb458da4c967a2baab2ad\r\n433de0aa20dfbf568f7\r\nhttps://www.virustotal.com/gui/file/effa6018b4d8b48e59684dc66c64a08658e118a43715f\r\n6d0902d7c83db3902c0\r\nhttps://www.virustotal.com/gui/file/f0520c25fd656c465dc55b5eada41dbd042f46be93fb36\r\n78d046ed9f6a90a149\r\nhttps://www.virustotal.com/
gui/file/f534550d7f45febddd4f73634e13870889e16d9347cb5\r\n5dd5438a8d1859e3b01\r\nhttps://www.virustotal.com/gui/file/f5d4366ffbf7ff84ee4ed8eb8ddda39fe78a41e9b0138b\r\naa9c0627c65c5934be\r\nhttps://www.virustotal.com/gui/file/f6b546179d2b499e552e03001c2aa7c994f4c5e568113\r\n601dbab2dd7bbfb9429\r\nhttps://www.virustotal.com/gui/file/f9ea04b6d8254480741f4dffcd5c71361446c3151a88af\r\n728c8f02ded1662ebf\r\nhttps://www.virustotal.com/gui/file/faba871c8af45b94a300400999aa3a26d8bc57f16095c\r\nhttps://ioc.hatenablog.com/entry/2020/08/16/132853\r\nPage 16 of 17\n\n« Blindingcan (2020/08/20) Zusy (2020/08/14) »\r\nはてなブログをはじめよう！\r\ntanigawaさんは、はてなブログを使っています。あなたもはてなブログをはじめてみませんか？\r\nはてなブログをはじめる（無料）\r\nはてなブログとは\r\n IoC (TT Malware Log)\r\nPowered by Hatena Blog | ブログを報告する\r\n5485d45c9a4bdd7e1db\r\nhttps://www.virustotal.com/gui/file/fb576ea0d43d21a3899535ef2fe7c03c477259a899a90\r\nb4a266af0a391273a0e\r\nhttps://www.virustotal.com/gui/file/fe09d6a7df1e5817d0f9c732c0a17bdf4d51f1967c7ec1\r\nb2871051af7fdad78a\r\nhttps://www.virustotal.com/gui/file/ffab63f7037817aa5f7f627c3b31b8ba8e9ded16e0c070\r\n44d477110978dab519\r\n谷川哲司 (id:tanigawa) 5年前 読者になる\r\nコメントを書く\r\nhttps://ioc.hatenablog.com/entry/2020/08/16/132853\r\nPage 17 of 17",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://ioc.hatenablog.com/entry/2020/08/16/132853"
	],
	"report_names": [
		"132853"
	],
	"threat_actors": [
		{
			"id": "aada2650-7bef-45e4-8371-18c4318a7056",
			"created_at": "2022-10-25T15:50:23.422502Z",
			"updated_at": "2026-04-10T02:00:05.278662Z",
			"deleted_at": null,
			"main_name": "Suckfly",
			"aliases": [
				"Suckfly"
			],
			"source_name": "MITRE:Suckfly",
			"tools": [
				"Nidiran"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "1dadf04e-d725-426f-9f6c-08c5be7da159",
			"created_at": "2022-10-25T15:50:23.624538Z",
			"updated_at": "2026-04-10T02:00:05.286895Z",
			"deleted_at": null,
			"main_name": "Darkhotel",
			"aliases": [
				"Darkhotel",
				"DUBNIUM",
				"Zigzag Hail"
			],
			"source_name": "MITRE:Darkhotel",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "ce10c1bd-4467-45f9-af83-28fc88e35ca4",
			"created_at": "2022-10-25T15:50:23.458833Z",
			"updated_at": "2026-04-10T02:00:05.419537Z",
			"deleted_at": null,
			"main_name": "APT34",
			"aliases": null,
			"source_name": "MITRE:APT34",
			"tools": [
				"netstat",
				"Systeminfo",
				"PsExec",
				"SEASHARPEE",
				"Tasklist",
				"Mimikatz",
				"POWRUNER",
				"certutil"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "cea5ceec-0f14-4e34-bd0e-4074bc1a707d",
			"created_at": "2022-10-25T15:50:23.629983Z",
			"updated_at": "2026-04-10T02:00:05.362084Z",
			"deleted_at": null,
			"main_name": "Axiom",
			"aliases": [
				"Group 72"
			],
			"source_name": "MITRE:Axiom",
			"tools": [
				"ZxShell",
				"gh0st RAT",
				"Zox",
				"PlugX",
				"Hikit",
				"PoisonIvy",
				"Derusbi",
				"Hydraq"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "62947fad-14d2-40bf-a721-b1fc2fbe5b5d",
			"created_at": "2025-08-07T02:03:24.741594Z",
			"updated_at": "2026-04-10T02:00:03.653394Z",
			"deleted_at": null,
			"main_name": "COBALT HICKMAN",
			"aliases": [
				"APT39 ",
				"Burgundy Sandstorm ",
				"Chafer ",
				"ITG07 ",
				"Remix Kitten "
			],
			"source_name": "Secureworks:COBALT HICKMAN",
			"tools": [
				"MechaFlounder",
				"Mimikatz",
				"Remexi",
				"TREKX"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "42a6a29d-6b98-4fd6-a742-a45a0306c7b0",
			"created_at": "2022-10-25T15:50:23.710403Z",
			"updated_at": "2026-04-10T02:00:05.281246Z",
			"deleted_at": null,
			"main_name": "Silence",
			"aliases": [
				"Whisper Spider"
			],
			"source_name": "MITRE:Silence",
			"tools": [
				"Winexe",
				"SDelete"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "7c053836-8f50-4d40-bc5c-7088967e1b57",
			"created_at": "2022-10-25T16:07:24.549525Z",
			"updated_at": "2026-04-10T02:00:05.03048Z",
			"deleted_at": null,
			"main_name": "Rocke",
			"aliases": [
				"Aged Libra",
				"G0106",
				"Iron Group",
				"Rocke"
			],
			"source_name": "ETDA:Rocke",
			"tools": [
				"Godlua",
				"Kerberods",
				"LSD",
				"Pro-Ocean",
				"Xbash"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "2150d1ac-edf0-46d4-a78a-a8899e45b2b5",
			"created_at": "2022-10-25T15:50:23.269339Z",
			"updated_at": "2026-04-10T02:00:05.402835Z",
			"deleted_at": null,
			"main_name": "APT17",
			"aliases": [
				"APT17",
				"Deputy Dog"
			],
			"source_name": "MITRE:APT17",
			"tools": [
				"BLACKCOFFEE"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "ec14074c-8517-40e1-b4d7-3897f1254487",
			"created_at": "2023-01-06T13:46:38.300905Z",
			"updated_at": "2026-04-10T02:00:02.918468Z",
			"deleted_at": null,
			"main_name": "APT10",
			"aliases": [
				"Red Apollo",
				"HOGFISH",
				"BRONZE RIVERSIDE",
				"G0045",
				"TA429",
				"Purple Typhoon",
				"STONE PANDA",
				"Menupass Team",
				"happyyongzi",
				"CVNX",
				"Cloud Hopper",
				"ATK41",
				"Granite Taurus",
				"POTASSIUM"
			],
			"source_name": "MISPGALAXY:APT10",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "cde987a8-c71f-49e2-b761-5b7fa2b4ada6",
			"created_at": "2022-10-25T16:07:23.706646Z",
			"updated_at": "2026-04-10T02:00:04.719127Z",
			"deleted_at": null,
			"main_name": "Hexane",
			"aliases": [
				"ATK 120",
				"Cobalt Lyceum",
				"G1001",
				"Lyceum",
				"Operation Out to Sea",
				"Siamesekitten",
				"Yellow Dev 9"
			],
			"source_name": "ETDA:Hexane",
			"tools": [
				"DanBot",
				"DanDrop",
				"Decrypt-RDCMan.ps1",
				"Get-LAPSP.ps1",
				"James",
				"Milan",
				"kl.ps1"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "af509bbb-8d18-4903-a9bd-9e94099c6b30",
			"created_at": "2023-01-06T13:46:38.585525Z",
			"updated_at": "2026-04-10T02:00:03.030833Z",
			"deleted_at": null,
			"main_name": "APT32",
			"aliases": [
				"OceanLotus",
				"ATK17",
				"G0050",
				"APT-C-00",
				"APT-32",
				"Canvas Cyclone",
				"SeaLotus",
				"Ocean Buffalo",
				"OceanLotus Group",
				"Cobalt Kitty",
				"Sea Lotus",
				"APT 32",
				"POND LOACH",
				"TIN WOODLAWN",
				"Ocean Lotus"
			],
			"source_name": "MISPGALAXY:APT32",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "e58deb93-aff1-4be5-8deb-37fe8af0b7ed",
			"created_at": "2022-10-25T16:07:23.918534Z",
			"updated_at": "2026-04-10T02:00:04.789509Z",
			"deleted_at": null,
			"main_name": "Greenbug",
			"aliases": [
				"Greenbug",
				"Volatile Kitten"
			],
			"source_name": "ETDA:Greenbug",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "a4a3c2a4-992d-4ce6-8c97-e39b23da9a26",
			"created_at": "2022-10-25T16:07:24.242051Z",
			"updated_at": "2026-04-10T02:00:04.909353Z",
			"deleted_at": null,
			"main_name": "Suckfly",
			"aliases": [
				"G0039"
			],
			"source_name": "ETDA:Suckfly",
			"tools": [
				"Backdoor.Nidiran",
				"Nidiran",
				"WCE",
				"Windows Credential Editor",
				"Windows Credentials Editor",
				"gsecdump",
				"smbscan"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "71b19e59-b5f7-4bc6-816d-194be0f02af0",
			"created_at": "2022-10-25T16:07:24.301036Z",
			"updated_at": "2026-04-10T02:00:04.928222Z",
			"deleted_at": null,
			"main_name": "Taidoor",
			"aliases": [
				"Budminer",
				"Earth Aughisky",
				"G0015"
			],
			"source_name": "ETDA:Taidoor",
			"tools": [
				"Dripion",
				"Masson",
				"Taidoor",
				"simbot"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "34eea331-d052-4096-ae03-a22f1d090bd4",
			"created_at": "2025-08-07T02:03:25.073494Z",
			"updated_at": "2026-04-10T02:00:03.709243Z",
			"deleted_at": null,
			"main_name": "NICKEL ACADEMY",
			"aliases": [
				"ATK3 ",
				"Black Artemis ",
				"COVELLITE ",
				"CTG-2460 ",
				"Citrine Sleet ",
				"Diamond Sleet ",
				"Guardians of Peace",
				"HIDDEN COBRA ",
				"High Anonymous",
				"Labyrinth Chollima ",
				"Lazarus Group ",
				"NNPT Group",
				"New Romanic Cyber Army Team",
				"Temp.Hermit ",
				"UNC577 ",
				"Who Am I?",
				"Whois Team",
				"ZINC "
			],
			"source_name": "Secureworks:NICKEL ACADEMY",
			"tools": [
				"Destover",
				"KorHigh",
				"Volgmer"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "12517c87-040a-4627-a3df-86ca95e5c13f",
			"created_at": "2022-10-25T16:07:23.61665Z",
			"updated_at": "2026-04-10T02:00:04.689Z",
			"deleted_at": null,
			"main_name": "FIN6",
			"aliases": [
				"ATK 88",
				"Camouflage Tempest",
				"FIN6",
				"G0037",
				"Gold Franklin",
				"ITG08",
				"Skeleton Spider",
				"Storm-0538",
				"TAAL",
				"TAG-CR2",
				"White Giant"
			],
			"source_name": "ETDA:FIN6",
			"tools": [
				"AbaddonPOS",
				"Agentemis",
				"AmmyyRAT",
				"Anchor_DNS",
				"BlackPOS",
				"CmdSQL",
				"Cobalt Strike",
				"CobaltStrike",
				"FlawedAmmyy",
				"FrameworkPOS",
				"Grateful POS",
				"JSPSPY",
				"Kaptoxa",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"LockerGoga",
				"MMon",
				"Magecart",
				"Meterpreter",
				"Mimikatz",
				"More_eggs",
				"NeverQuest",
				"POSWDS",
				"Reedum",
				"Ryuk",
				"SCRAPMINT",
				"SONE",
				"SpicyOmelette",
				"StealerOne",
				"Taurus Loader Stealer Module",
				"Terra Loader",
				"TerraStealer",
				"Vawtrak",
				"WCE",
				"Windows Credential Editor",
				"Windows Credentials Editor",
				"cobeacon",
				"grabnew"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "808d8d52-ca06-4a5f-a2c1-e7b1ce986680",
			"created_at": "2022-10-25T16:07:23.899157Z",
			"updated_at": "2026-04-10T02:00:04.782542Z",
			"deleted_at": null,
			"main_name": "NetTraveler",
			"aliases": [
				"APT 21",
				"Hammer Panda",
				"NetTraveler",
				"TEMP.Zhenbao"
			],
			"source_name": "ETDA:NetTraveler",
			"tools": [
				"Agent.dhwf",
				"Destroy RAT",
				"DestroyRAT",
				"Kaba",
				"Korplug",
				"NetTraveler",
				"Netfile",
				"PlugX",
				"RedDelta",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"TravNet",
				"Xamtrav"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "6241b9be-9c59-4164-a7f2-c45844b14a56",
			"created_at": "2023-01-06T13:46:38.321506Z",
			"updated_at": "2026-04-10T02:00:02.926657Z",
			"deleted_at": null,
			"main_name": "APT24",
			"aliases": [
				"PITTY PANDA",
				"G0011",
				"Temp.Pittytiger"
			],
			"source_name": "MISPGALAXY:APT24",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "77b28afd-8187-4917-a453-1d5a279cb5e4",
			"created_at": "2022-10-25T15:50:23.768278Z",
			"updated_at": "2026-04-10T02:00:05.266635Z",
			"deleted_at": null,
			"main_name": "Inception",
			"aliases": [
				"Inception Framework",
				"Cloud Atlas"
			],
			"source_name": "MITRE:Inception",
			"tools": [
				"PowerShower",
				"VBShower",
				"LaZagne"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "5ffe400c-6025-44c2-9aa1-7c34a7a192b0",
			"created_at": "2023-01-06T13:46:38.469688Z",
			"updated_at": "2026-04-10T02:00:02.987949Z",
			"deleted_at": null,
			"main_name": "DragonOK",
			"aliases": [
				"Moafee",
				"BRONZE OVERBROOK",
				"G0017",
				"G0002",
				"Shallow Taurus"
			],
			"source_name": "MISPGALAXY:DragonOK",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "810fada6-3a62-477e-ac11-2702f9a1ef80",
			"created_at": "2023-01-06T13:46:38.874104Z",
			"updated_at": "2026-04-10T02:00:03.129286Z",
			"deleted_at": null,
			"main_name": "STARDUST CHOLLIMA",
			"aliases": [
				"Sapphire Sleet"
			],
			"source_name": "MISPGALAXY:STARDUST CHOLLIMA",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "fe3d8dee-3bee-42e6-8f16-b6628b6189ae",
			"created_at": "2023-01-06T13:46:39.039285Z",
			"updated_at": "2026-04-10T02:00:03.193589Z",
			"deleted_at": null,
			"main_name": "SWEED",
			"aliases": [],
			"source_name": "MISPGALAXY:SWEED",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "4594f985-865e-4862-8047-2e80226e246a",
			"created_at": "2022-10-27T08:27:12.984825Z",
			"updated_at": "2026-04-10T02:00:05.293575Z",
			"deleted_at": null,
			"main_name": "EXOTIC LILY",
			"aliases": [
				"EXOTIC LILY"
			],
			"source_name": "MITRE:EXOTIC LILY",
			"tools": [
				"Bazar"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "c1eadfd8-6e9c-4024-902d-555c9530fcea",
			"created_at": "2023-01-06T13:46:38.645834Z",
			"updated_at": "2026-04-10T02:00:03.04985Z",
			"deleted_at": null,
			"main_name": "TEMP.Hermit",
			"aliases": [],
			"source_name": "MISPGALAXY:TEMP.Hermit",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "7ebda3c6-1789-4d84-97cf-47fb18a0cb28",
			"created_at": "2022-10-25T15:50:23.78829Z",
			"updated_at": "2026-04-10T02:00:05.415039Z",
			"deleted_at": null,
			"main_name": "DragonOK",
			"aliases": [
				"DragonOK"
			],
			"source_name": "MITRE:DragonOK",
			"tools": [
				"PoisonIvy",
				"PlugX"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "bbefc37d-475c-4d4d-b80b-7a55f896de82",
			"created_at": "2022-10-25T15:50:23.571783Z",
			"updated_at": "2026-04-10T02:00:05.302196Z",
			"deleted_at": null,
			"main_name": "BRONZE BUTLER",
			"aliases": [
				"BRONZE BUTLER",
				"REDBALDKNIGHT"
			],
			"source_name": "MITRE:BRONZE BUTLER",
			"tools": [
				"Mimikatz",
				"build_downer",
				"cmd",
				"ABK",
				"at",
				"BBK",
				"schtasks",
				"down_new",
				"Daserf",
				"ShadowPad",
				"Windows Credential Editor",
				"gsecdump"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "f8dddd06-da24-4184-9e24-4c22bdd1cbbf",
			"created_at": "2023-01-06T13:46:38.626906Z",
			"updated_at": "2026-04-10T02:00:03.043681Z",
			"deleted_at": null,
			"main_name": "Tick",
			"aliases": [
				"G0060",
				"Stalker Taurus",
				"PLA Unit 61419",
				"Swirl Typhoon",
				"Nian",
				"BRONZE BUTLER",
				"REDBALDKNIGHT",
				"STALKER PANDA"
			],
			"source_name": "MISPGALAXY:Tick",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "cffb3c01-038f-4527-9cfd-57ad5a035c22",
			"created_at": "2022-10-25T15:50:23.38055Z",
			"updated_at": "2026-04-10T02:00:05.258283Z",
			"deleted_at": null,
			"main_name": "OilRig",
			"aliases": [
				"COBALT GYPSY",
				"IRN2",
				"APT34",
				"Helix Kitten",
				"Evasive Serpens",
				"Hazel Sandstorm",
				"EUROPIUM",
				"ITG13",
				"Earth Simnavaz",
				"Crambus",
				"TA452"
			],
			"source_name": "MITRE:OilRig",
			"tools": [
				"ISMInjector",
				"ODAgent",
				"RDAT",
				"Systeminfo",
				"QUADAGENT",
				"OopsIE",
				"ngrok",
				"Tasklist",
				"certutil",
				"ZeroCleare",
				"POWRUNER",
				"netstat",
				"Solar",
				"ipconfig",
				"LaZagne",
				"BONDUPDATER",
				"SideTwist",
				"OilBooster",
				"SampleCheck5000",
				"PsExec",
				"SEASHARPEE",
				"Mimikatz",
				"PowerExchange",
				"OilCheck",
				"RGDoor",
				"ftp"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "870f6f62-84f5-48ca-a18e-cf2902cd6924",
			"created_at": "2022-10-25T15:50:23.303818Z",
			"updated_at": "2026-04-10T02:00:05.301184Z",
			"deleted_at": null,
			"main_name": "APT32",
			"aliases": [
				"APT32",
				"SeaLotus",
				"OceanLotus",
				"APT-C-00",
				"Canvas Cyclone"
			],
			"source_name": "MITRE:APT32",
			"tools": [
				"Mimikatz",
				"ipconfig",
				"Kerrdown",
				"Cobalt Strike",
				"SOUNDBITE",
				"OSX_OCEANLOTUS.D",
				"KOMPROGO",
				"netsh",
				"RotaJakiro",
				"PHOREAL",
				"Arp",
				"Denis",
				"Goopy"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "efa7c047-b61c-4598-96d5-e00d01dec96b",
			"created_at": "2022-10-25T16:07:23.404442Z",
			"updated_at": "2026-04-10T02:00:04.584239Z",
			"deleted_at": null,
			"main_name": "BlackTech",
			"aliases": [
				"BlackTech",
				"Canary Typhoon",
				"Circuit Panda",
				"Earth Hundun",
				"G0098",
				"Manga Taurus",
				"Operation PLEAD",
				"Operation Shrouded Crossbow",
				"Operation Waterbear",
				"Palmerworm",
				"Radio Panda",
				"Red Djinn",
				"T-APT-03",
				"TEMP.Overboard"
			],
			"source_name": "ETDA:BlackTech",
			"tools": [
				"BIFROST",
				"BUSYICE",
				"BendyBear",
				"Bluether",
				"CAPGELD",
				"DRIGO",
				"Deuterbear",
				"Flagpro",
				"GOODTIMES",
				"Gh0stTimes",
				"IconDown",
				"KIVARS",
				"LOLBAS",
				"LOLBins",
				"Linopid",
				"Living off the Land",
				"TSCookie",
				"Waterbear",
				"XBOW",
				"elf.bifrose"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "2646f776-792a-4498-967b-ec0d3498fdf1",
			"created_at": "2022-10-25T15:50:23.475784Z",
			"updated_at": "2026-04-10T02:00:05.269591Z",
			"deleted_at": null,
			"main_name": "BlackTech",
			"aliases": [
				"BlackTech",
				"Palmerworm"
			],
			"source_name": "MITRE:BlackTech",
			"tools": [
				"Kivars",
				"PsExec",
				"TSCookie",
				"Flagpro",
				"Waterbear"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "50bd4a6c-7542-4bdd-8b37-ab468fc428ef",
			"created_at": "2023-01-06T13:46:38.998658Z",
			"updated_at": "2026-04-10T02:00:03.176186Z",
			"deleted_at": null,
			"main_name": "Taidoor",
			"aliases": [
				"G0015",
				"Earth Aughisky"
			],
			"source_name": "MISPGALAXY:Taidoor",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "f2c53785-fb8b-460d-ba73-7fbfba36f0f5",
			"created_at": "2022-10-25T16:07:24.247949Z",
			"updated_at": "2026-04-10T02:00:04.911034Z",
			"deleted_at": null,
			"main_name": "Sweed",
			"aliases": [],
			"source_name": "ETDA:Sweed",
			"tools": [
				"AgenTesla",
				"Agent Tesla",
				"AgentTesla",
				"ForeIT",
				"Formbook",
				"Loki",
				"Loki.Rat",
				"LokiBot",
				"LokiPWS",
				"Negasteal",
				"Origin Logger",
				"RDP",
				"Remote Desktop Protocol",
				"ZPAQ",
				"win.xloader"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "7b039cc0-33b6-495a-b4ca-649d096b993d",
			"created_at": "2023-01-06T13:46:38.482654Z",
			"updated_at": "2026-04-10T02:00:02.99265Z",
			"deleted_at": null,
			"main_name": "APT22",
			"aliases": [
				"G0039",
				"Suckfly",
				"BRONZE OLIVE",
				"Group 46"
			],
			"source_name": "MISPGALAXY:APT22",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "16f2436b-5f84-44e3-a306-f1f9e92f7bea",
			"created_at": "2023-01-06T13:46:38.745572Z",
			"updated_at": "2026-04-10T02:00:03.086207Z",
			"deleted_at": null,
			"main_name": "APT40",
			"aliases": [
				"ATK29",
				"Red Ladon",
				"MUDCARP",
				"ISLANDDREAMS",
				"TEMP.Periscope",
				"KRYPTONITE PANDA",
				"G0065",
				"TA423",
				"ITG09",
				"Gingham Typhoon",
				"TEMP.Jumper",
				"BRONZE MOHAWK",
				"GADOLINIUM"
			],
			"source_name": "MISPGALAXY:APT40",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "13354d3f-3f40-44ec-b42a-3cda18809005",
			"created_at": "2022-10-25T15:50:23.275272Z",
			"updated_at": "2026-04-10T02:00:05.36519Z",
			"deleted_at": null,
			"main_name": "APT3",
			"aliases": [
				"APT3",
				"Gothic Panda",
				"Pirpi",
				"UPS Team",
				"Buckeye",
				"Threat Group-0110",
				"TG-0110"
			],
			"source_name": "MITRE:APT3",
			"tools": [
				"OSInfo",
				"schtasks",
				"PlugX",
				"LaZagne",
				"SHOTPUT",
				"RemoteCMD"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "a7df240e-6750-4b71-99de-85831b92faa2",
			"created_at": "2022-10-25T15:50:23.859253Z",
			"updated_at": "2026-04-10T02:00:05.285965Z",
			"deleted_at": null,
			"main_name": "HEXANE",
			"aliases": [
				"Lyceum",
				"Siamesekitten",
				"Spirlin"
			],
			"source_name": "MITRE:HEXANE",
			"tools": [
				"Milan",
				"netstat",
				"BITSAdmin",
				"DnsSystem",
				"DanBot",
				"ipconfig",
				"Mimikatz",
				"Kevin",
				"PoshC2"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "761d1fb2-60e3-46f0-9f1c-c8a9715967d4",
			"created_at": "2023-01-06T13:46:38.269054Z",
			"updated_at": "2026-04-10T02:00:02.90356Z",
			"deleted_at": null,
			"main_name": "APT3",
			"aliases": [
				"GOTHIC PANDA",
				"TG-0110",
				"Buckeye",
				"Group 6",
				"Boyusec",
				"BORON",
				"BRONZE MAYFAIR",
				"Red Sylvan",
				"Brocade Typhoon"
			],
			"source_name": "MISPGALAXY:APT3",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "5b748f86-ac32-4715-be9f-6cf25ae48a4e",
			"created_at": "2024-06-04T02:03:07.956135Z",
			"updated_at": "2026-04-10T02:00:03.689959Z",
			"deleted_at": null,
			"main_name": "IRON HEMLOCK",
			"aliases": [
				"APT29 ",
				"ATK7 ",
				"Blue Kitsune ",
				"Cozy Bear ",
				"The Dukes",
				"UNC2452 ",
				"YTTRIUM "
			],
			"source_name": "Secureworks:IRON HEMLOCK",
			"tools": [
				"CosmicDuke",
				"CozyCar",
				"CozyDuke",
				"DiefenDuke",
				"FatDuke",
				"HAMMERTOSS",
				"LiteDuke",
				"MiniDuke",
				"OnionDuke",
				"PolyglotDuke",
				"RegDuke",
				"RegDuke Loader",
				"SeaDuke",
				"Sliver"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "2f07a03f-eb1f-47c8-a8e9-a1a00f2ec253",
			"created_at": "2022-10-25T16:07:24.277669Z",
			"updated_at": "2026-04-10T02:00:04.919609Z",
			"deleted_at": null,
			"main_name": "TA428",
			"aliases": [
				"Operation LagTime IT",
				"Operation StealthyTrident",
				"ThunderCats"
			],
			"source_name": "ETDA:TA428",
			"tools": [
				"8.t Dropper",
				"8.t RTF exploit builder",
				"8t_dropper",
				"Agent.dhwf",
				"Albaniiutas",
				"BlueTraveller",
				"Chymine",
				"Cotx RAT",
				"CoughingDown",
				"Darkmoon",
				"Destroy RAT",
				"DestroyRAT",
				"Gen:Trojan.Heur.PT",
				"Kaba",
				"Korplug",
				"LuckyBack",
				"PhantomNet",
				"PlugX",
				"Poison Ivy",
				"RedDelta",
				"RoyalRoad",
				"SManager",
				"SPIVY",
				"Sogu",
				"TIGERPLUG",
				"TManger",
				"TVT",
				"Thoper",
				"Xamtrav",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b13c19d6-247d-47ba-86ba-15a94accc179",
			"created_at": "2024-05-01T02:03:08.149923Z",
			"updated_at": "2026-04-10T02:00:03.763147Z",
			"deleted_at": null,
			"main_name": "TUNGSTEN BRIDGE",
			"aliases": [
				"APT-C-06 ",
				"ATK52 ",
				"CTG-1948 ",
				"DUBNIUM ",
				"DarkHotel ",
				"Fallout Team ",
				"Shadow Crane ",
				"Zigzag Hail "
			],
			"source_name": "Secureworks:TUNGSTEN BRIDGE",
			"tools": [
				"Nemim",
				"Tapaoux"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "48782737-377b-47b4-aff0-87424208a643",
			"created_at": "2023-01-06T13:46:38.569144Z",
			"updated_at": "2026-04-10T02:00:03.02685Z",
			"deleted_at": null,
			"main_name": "Blue Termite",
			"aliases": [
				"Cloudy Omega",
				"Emdivi"
			],
			"source_name": "MISPGALAXY:Blue Termite",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "905eabd9-2b7f-483d-86bd-0c72f96b4162",
			"created_at": "2023-01-06T13:46:39.02749Z",
			"updated_at": "2026-04-10T02:00:03.185957Z",
			"deleted_at": null,
			"main_name": "Rocke",
			"aliases": [
				"Aged Libra"
			],
			"source_name": "MISPGALAXY:Rocke",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "c94cb0e9-6fa9-47e9-a286-c9c9c9b23f4a",
			"created_at": "2023-01-06T13:46:38.823793Z",
			"updated_at": "2026-04-10T02:00:03.113045Z",
			"deleted_at": null,
			"main_name": "Roaming Mantis",
			"aliases": [
				"Roaming Mantis Group"
			],
			"source_name": "MISPGALAXY:Roaming Mantis",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "e3492534-85a6-4c87-a754-5ae4a56d7c8c",
			"created_at": "2022-10-25T15:50:23.819113Z",
			"updated_at": "2026-04-10T02:00:05.354598Z",
			"deleted_at": null,
			"main_name": "Threat Group-3390",
			"aliases": [
				"Threat Group-3390",
				"Earth Smilodon",
				"TG-3390",
				"Emissary Panda",
				"BRONZE UNION",
				"APT27",
				"Iron Tiger",
				"LuckyMouse",
				"Linen Typhoon"
			],
			"source_name": "MITRE:Threat Group-3390",
			"tools": [
				"Systeminfo",
				"gsecdump",
				"PlugX",
				"ASPXSpy",
				"Cobalt Strike",
				"Mimikatz",
				"Impacket",
				"gh0st RAT",
				"certutil",
				"China Chopper",
				"HTTPBrowser",
				"Tasklist",
				"netstat",
				"SysUpdate",
				"HyperBro",
				"ZxShell",
				"RCSession",
				"ipconfig",
				"Clambling",
				"pwdump",
				"NBTscan",
				"Pandora",
				"Windows Credential Editor"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "04a7ebaa-ebb1-4971-b513-a0c86886d932",
			"created_at": "2023-01-06T13:46:38.784965Z",
			"updated_at": "2026-04-10T02:00:03.099088Z",
			"deleted_at": null,
			"main_name": "Inception Framework",
			"aliases": [
				"Clean Ursa",
				"Cloud Atlas",
				"G0100",
				"ATK116",
				"Blue Odin"
			],
			"source_name": "MISPGALAXY:Inception Framework",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "bee22874-f90e-410b-93f3-a2f9b1c2e695",
			"created_at": "2022-10-25T16:07:23.45097Z",
			"updated_at": "2026-04-10T02:00:04.610108Z",
			"deleted_at": null,
			"main_name": "Chafer",
			"aliases": [
				"APT 39",
				"Burgundy Sandstorm",
				"Cobalt Hickman",
				"G0087",
				"ITG07",
				"Radio Serpens",
				"Remix Kitten",
				"TA454"
			],
			"source_name": "ETDA:Chafer",
			"tools": [
				"ASPXSpy",
				"ASPXTool",
				"Antak",
				"CACHEMONEY",
				"EternalBlue",
				"HTTPTunnel",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"MechaFlounder",
				"Metasploit",
				"Mimikatz",
				"NBTscan",
				"NSSM",
				"Non-sucking Service Manager",
				"POWBAT",
				"Plink",
				"PuTTY Link",
				"Rana",
				"Remcom",
				"Remexi",
				"RemoteCommandExecution",
				"SafetyKatz",
				"UltraVNC",
				"WCE",
				"Windows Credential Editor",
				"Windows Credentials Editor",
				"nbtscan",
				"pwdump"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "ba9fa308-a29a-4928-9c06-73aafec7624c",
			"created_at": "2024-05-01T02:03:07.981061Z",
			"updated_at": "2026-04-10T02:00:03.750803Z",
			"deleted_at": null,
			"main_name": "BRONZE RIVERSIDE",
			"aliases": [
				"APT10 ",
				"CTG-5938 ",
				"CVNX ",
				"Hogfish ",
				"MenuPass ",
				"MirrorFace ",
				"POTASSIUM ",
				"Purple Typhoon ",
				"Red Apollo ",
				"Stone Panda "
			],
			"source_name": "Secureworks:BRONZE RIVERSIDE",
			"tools": [
				"ANEL",
				"AsyncRAT",
				"ChChes",
				"Cobalt Strike",
				"HiddenFace",
				"LODEINFO",
				"PlugX",
				"PoisonIvy",
				"QuasarRAT",
				"QuasarRAT Loader",
				"RedLeaves"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "68cc6e37-f16d-4995-a75b-5e8e2a6cbb3d",
			"created_at": "2024-05-01T02:03:07.943593Z",
			"updated_at": "2026-04-10T02:00:03.795229Z",
			"deleted_at": null,
			"main_name": "BRONZE EDISON",
			"aliases": [
				"APT4 ",
				"DarkSeoul",
				"Maverick Panda ",
				"Salmon Typhoon ",
				"Sodium ",
				"Sykipot ",
				"TG-0623 ",
				"getkys"
			],
			"source_name": "Secureworks:BRONZE EDISON",
			"tools": [
				"Gh0st RAT",
				"Wkysol",
				"ZxPortMap"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "0b02af5f-2027-42b7-a6f2-51e2fd49ba7f",
			"created_at": "2022-10-25T15:50:23.360509Z",
			"updated_at": "2026-04-10T02:00:05.337702Z",
			"deleted_at": null,
			"main_name": "Rocke",
			"aliases": [
				"Rocke"
			],
			"source_name": "MITRE:Rocke",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "478e9b27-39b9-49e4-a3c5-81569a767275",
			"created_at": "2022-10-25T15:50:23.417339Z",
			"updated_at": "2026-04-10T02:00:05.41593Z",
			"deleted_at": null,
			"main_name": "Taidoor",
			"aliases": [
				"Taidoor"
			],
			"source_name": "MITRE:Taidoor",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "8d76e350-dfb5-4733-800d-876de41f690d",
			"created_at": "2023-01-06T13:46:38.841887Z",
			"updated_at": "2026-04-10T02:00:03.119083Z",
			"deleted_at": null,
			"main_name": "DNSpionage",
			"aliases": [
				"COBALT EDGEWATER"
			],
			"source_name": "MISPGALAXY:DNSpionage",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "39842197-944a-49fd-9bec-eafa1807e0ea",
			"created_at": "2022-10-25T16:07:24.310589Z",
			"updated_at": "2026-04-10T02:00:04.931264Z",
			"deleted_at": null,
			"main_name": "TeleBots",
			"aliases": [],
			"source_name": "ETDA:TeleBots",
			"tools": [
				"BadRabbit",
				"Black Energy",
				"BlackEnergy",
				"CredRaptor",
				"Diskcoder.C",
				"EternalPetya",
				"ExPetr",
				"Exaramel",
				"FakeTC",
				"Felixroot",
				"GreyEnergy",
				"GreyEnergy mini",
				"KillDisk",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"NonPetya",
				"NotPetya",
				"Nyetya",
				"Petna",
				"Petrwrap",
				"Pnyetya",
				"TeleBot",
				"TeleDoor",
				"Win32/KillDisk.NBB",
				"Win32/KillDisk.NBC",
				"Win32/KillDisk.NBD",
				"Win32/KillDisk.NBH",
				"Win32/KillDisk.NBI",
				"nPetya"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "5e6b31a6-80e3-4e7d-8b0a-d94897ce9b59",
			"created_at": "2024-06-19T02:03:08.128175Z",
			"updated_at": "2026-04-10T02:00:03.636663Z",
			"deleted_at": null,
			"main_name": "GOLD TAHOE",
			"aliases": [
				"Cl0P Group Identity",
				"FIN11 ",
				"GRACEFUL SPIDER ",
				"SectorJ04 ",
				"Spandex Tempest ",
				"TA505 "
			],
			"source_name": "Secureworks:GOLD TAHOE",
			"tools": [
				"Clop",
				"Cobalt Strike",
				"FlawedAmmy",
				"Get2",
				"GraceWire",
				"Malichus",
				"SDBbot",
				"ServHelper",
				"TrueBot"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "61ea51ed-a419-4b05-9241-5ab0dbba25fc",
			"created_at": "2023-01-06T13:46:38.354607Z",
			"updated_at": "2026-04-10T02:00:02.939761Z",
			"deleted_at": null,
			"main_name": "APT23",
			"aliases": [
				"BRONZE HOBART",
				"G0081",
				"Red Orthrus",
				"Earth Centaur",
				"PIRATE PANDA",
				"KeyBoy",
				"Tropic Trooper"
			],
			"source_name": "MISPGALAXY:APT23",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a241a1ca-2bc9-450b-a07b-aae747ee2710",
			"created_at": "2024-06-19T02:03:08.150052Z",
			"updated_at": "2026-04-10T02:00:03.737173Z",
			"deleted_at": null,
			"main_name": "IRON RITUAL",
			"aliases": [
				"APT29",
				"Blue Dev 5 ",
				"BlueBravo ",
				"Cloaked Ursa ",
				"CozyLarch ",
				"Dark Halo ",
				"Midnight Blizzard ",
				"NOBELIUM ",
				"StellarParticle ",
				"UNC2452 "
			],
			"source_name": "Secureworks:IRON RITUAL",
			"tools": [
				"Brute Ratel C4",
				"Cobalt Strike",
				"EnvyScout",
				"GoldFinder",
				"GoldMax",
				"NativeZone",
				"RAINDROP",
				"SUNBURST",
				"Sibot",
				"TEARDROP",
				"VaporRage"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "b69037ec-2605-4de4-bb32-a20d780a8406",
			"created_at": "2023-01-06T13:46:38.790766Z",
			"updated_at": "2026-04-10T02:00:03.101635Z",
			"deleted_at": null,
			"main_name": "MUSTANG PANDA",
			"aliases": [
				"Stately Taurus",
				"LuminousMoth",
				"TANTALUM",
				"Twill Typhoon",
				"TEMP.HEX",
				"Earth Preta",
				"Polaris",
				"BRONZE PRESIDENT",
				"HoneyMyte",
				"Red Lich",
				"TA416"
			],
			"source_name": "MISPGALAXY:MUSTANG PANDA",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df",
			"created_at": "2023-01-06T13:46:38.402513Z",
			"updated_at": "2026-04-10T02:00:02.959797Z",
			"deleted_at": null,
			"main_name": "Sandworm",
			"aliases": [
				"IRIDIUM",
				"Blue Echidna",
				"VOODOO BEAR",
				"FROZENBARENTS",
				"UAC-0113",
				"Seashell Blizzard",
				"UAC-0082",
				"APT44",
				"Quedagh",
				"TEMP.Noble",
				"IRON VIKING",
				"G0034",
				"ELECTRUM",
				"TeleBots"
			],
			"source_name": "MISPGALAXY:Sandworm",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "25896473-161f-411f-b76a-f11bb26c96bd",
			"created_at": "2023-01-06T13:46:38.75749Z",
			"updated_at": "2026-04-10T02:00:03.090307Z",
			"deleted_at": null,
			"main_name": "CHRYSENE",
			"aliases": [
				"Greenbug"
			],
			"source_name": "MISPGALAXY:CHRYSENE",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "fb8f3a5f-01a9-498e-9396-52f844424c33",
			"created_at": "2023-01-06T13:46:39.045338Z",
			"updated_at": "2026-04-10T02:00:03.195743Z",
			"deleted_at": null,
			"main_name": "LYCEUM",
			"aliases": [
				"Spirlin",
				"MYSTICDOME",
				"siamesekitten",
				"Chrono Kitten",
				"Storm-0133",
				"COBALT LYCEUM",
				"UNC1530"
			],
			"source_name": "MISPGALAXY:LYCEUM",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2b4eec94-7672-4bee-acb2-b857d0d26d12",
			"created_at": "2023-01-06T13:46:38.272109Z",
			"updated_at": "2026-04-10T02:00:02.906089Z",
			"deleted_at": null,
			"main_name": "DarkHotel",
			"aliases": [
				"T-APT-02",
				"Nemim",
				"Nemin",
				"Shadow Crane",
				"G0012",
				"DUBNIUM",
				"Karba",
				"APT-C-06",
				"SIG25",
				"TUNGSTEN BRIDGE",
				"Zigzag Hail",
				"Fallout Team",
				"Luder",
				"Tapaoux",
				"ATK52"
			],
			"source_name": "MISPGALAXY:DarkHotel",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "ea7bfe06-7c23-481d-b8ba-eafa6cda3bc9",
			"created_at": "2022-10-25T15:50:23.317961Z",
			"updated_at": "2026-04-10T02:00:05.280403Z",
			"deleted_at": null,
			"main_name": "FIN6",
			"aliases": [
				"FIN6",
				"Magecart Group 6",
				"ITG08",
				"Skeleton Spider",
				"TAAL",
				"Camouflage Tempest"
			],
			"source_name": "MITRE:FIN6",
			"tools": [
				"FlawedAmmyy",
				"GrimAgent",
				"FrameworkPOS",
				"More_eggs",
				"Cobalt Strike",
				"Windows Credential Editor",
				"AdFind",
				"PsExec",
				"LockerGoga",
				"Ryuk",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "bef7800a-a08f-4e21-b65c-4279c851e572",
			"created_at": "2022-10-25T15:50:23.409336Z",
			"updated_at": "2026-04-10T02:00:05.319608Z",
			"deleted_at": null,
			"main_name": "Tropic Trooper",
			"aliases": [
				"Tropic Trooper",
				"Pirate Panda",
				"KeyBoy"
			],
			"source_name": "MITRE:Tropic Trooper",
			"tools": [
				"USBferry",
				"ShadowPad",
				"PoisonIvy",
				"BITSAdmin",
				"YAHOYAH",
				"KeyBoy"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "c0cedde3-5a9b-430f-9b77-e6568307205e",
			"created_at": "2022-10-25T16:07:23.528994Z",
			"updated_at": "2026-04-10T02:00:04.642473Z",
			"deleted_at": null,
			"main_name": "DarkHotel",
			"aliases": [
				"APT-C-06",
				"ATK 52",
				"CTG-1948",
				"Dubnium",
				"Fallout Team",
				"G0012",
				"G0126",
				"Higaisa",
				"Luder",
				"Operation DarkHotel",
				"Operation Daybreak",
				"Operation Inexsmar",
				"Operation PowerFall",
				"Operation The Gh0st Remains the Same",
				"Purple Pygmy",
				"SIG25",
				"Shadow Crane",
				"T-APT-02",
				"TieOnJoe",
				"Tungsten Bridge",
				"Zigzag Hail"
			],
			"source_name": "ETDA:DarkHotel",
			"tools": [
				"Asruex",
				"DarkHotel",
				"DmaUp3.exe",
				"GreezeBackdoor",
				"Karba",
				"Nemain",
				"Nemim",
				"Ramsay",
				"Retro",
				"Tapaoux",
				"Trojan.Win32.Karba.e",
				"Virus.Win32.Pioneer.dx",
				"igfxext.exe",
				"msieckc.exe"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "75d4d6a9-b5d1-4087-a7a0-e4a9587c45f4",
			"created_at": "2022-10-25T15:50:23.5188Z",
			"updated_at": "2026-04-10T02:00:05.26565Z",
			"deleted_at": null,
			"main_name": "TA505",
			"aliases": [
				"TA505",
				"Hive0065",
				"Spandex Tempest",
				"CHIMBORAZO"
			],
			"source_name": "MITRE:TA505",
			"tools": [
				"AdFind",
				"Azorult",
				"FlawedAmmyy",
				"Mimikatz",
				"Dridex",
				"TrickBot",
				"Get2",
				"FlawedGrace",
				"Cobalt Strike",
				"ServHelper",
				"Amadey",
				"SDBbot",
				"PowerSploit"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "4d5f939b-aea9-4a0e-8bff-003079a261ea",
			"created_at": "2023-01-06T13:46:39.04841Z",
			"updated_at": "2026-04-10T02:00:03.196806Z",
			"deleted_at": null,
			"main_name": "APT41",
			"aliases": [
				"WICKED PANDA",
				"BRONZE EXPORT",
				"Brass Typhoon",
				"TG-2633",
				"Leopard Typhoon",
				"G0096",
				"Grayfly",
				"BARIUM",
				"BRONZE ATLAS",
				"Red Kelpie",
				"G0044",
				"Earth Baku",
				"TA415",
				"WICKED SPIDER",
				"HOODOO",
				"Winnti",
				"Double Dragon"
			],
			"source_name": "MISPGALAXY:APT41",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a7aefdda-98f1-4790-a32d-14cc99de2d60",
			"created_at": "2023-01-06T13:46:38.281844Z",
			"updated_at": "2026-04-10T02:00:02.909711Z",
			"deleted_at": null,
			"main_name": "APT17",
			"aliases": [
				"BRONZE KEYSTONE",
				"G0025",
				"Group 72",
				"G0001",
				"HELIUM",
				"Heart Typhoon",
				"Group 8",
				"AURORA PANDA",
				"Hidden Lynx",
				"Tailgater Team"
			],
			"source_name": "MISPGALAXY:APT17",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "e698860d-57e8-4780-b7c3-41e5a8314ec0",
			"created_at": "2022-10-25T15:50:23.287929Z",
			"updated_at": "2026-04-10T02:00:05.329769Z",
			"deleted_at": null,
			"main_name": "APT41",
			"aliases": [
				"APT41",
				"Wicked Panda",
				"Brass Typhoon",
				"BARIUM"
			],
			"source_name": "MITRE:APT41",
			"tools": [
				"ASPXSpy",
				"BITSAdmin",
				"PlugX",
				"Impacket",
				"gh0st RAT",
				"netstat",
				"PowerSploit",
				"ZxShell",
				"KEYPLUG",
				"LightSpy",
				"ipconfig",
				"sqlmap",
				"China Chopper",
				"ShadowPad",
				"MESSAGETAP",
				"Mimikatz",
				"certutil",
				"njRAT",
				"Cobalt Strike",
				"pwdump",
				"BLACKCOFFEE",
				"MOPSLED",
				"ROCKBOOT",
				"dsquery",
				"Winnti for Linux",
				"DUSTTRAP",
				"Derusbi",
				"ftp"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "7bd810cb-d674-4763-86eb-2cc182d24ea0",
			"created_at": "2022-10-25T16:07:24.1537Z",
			"updated_at": "2026-04-10T02:00:04.883793Z",
			"deleted_at": null,
			"main_name": "Sandworm Team",
			"aliases": [
				"APT 44",
				"ATK 14",
				"BE2",
				"Blue Echidna",
				"CTG-7263",
				"FROZENBARENTS",
				"G0034",
				"Grey Tornado",
				"IRIDIUM",
				"Iron Viking",
				"Quedagh",
				"Razing Ursa",
				"Sandworm",
				"Sandworm Team",
				"Seashell Blizzard",
				"TEMP.Noble",
				"UAC-0082",
				"UAC-0113",
				"UAC-0125",
				"UAC-0133",
				"Voodoo Bear"
			],
			"source_name": "ETDA:Sandworm Team",
			"tools": [
				"AWFULSHRED",
				"ArguePatch",
				"BIASBOAT",
				"Black Energy",
				"BlackEnergy",
				"CaddyWiper",
				"Colibri Loader",
				"Cyclops Blink",
				"CyclopsBlink",
				"DCRat",
				"DarkCrystal RAT",
				"Fobushell",
				"GOSSIPFLOW",
				"Gcat",
				"IcyWell",
				"Industroyer2",
				"JaguarBlade",
				"JuicyPotato",
				"Kapeka",
				"KillDisk.NCX",
				"LOADGRIP",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"ORCSHRED",
				"P.A.S.",
				"PassKillDisk",
				"Pitvotnacci",
				"PsList",
				"QUEUESEED",
				"RansomBoggs",
				"RottenPotato",
				"SOLOSHRED",
				"SwiftSlicer",
				"VPNFilter",
				"Warzone",
				"Warzone RAT",
				"Weevly"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b3acfb48-b04d-4d3d-88a8-836d7376fa2e",
			"created_at": "2024-06-19T02:03:08.052814Z",
			"updated_at": "2026-04-10T02:00:03.659971Z",
			"deleted_at": null,
			"main_name": "GOLD FRANKLIN",
			"aliases": [
				"FIN6 ",
				"ITG08 ",
				"MageCart Group 6 ",
				"Skeleton Spider ",
				"Storm-0538 ",
				"White Giant "
			],
			"source_name": "Secureworks:GOLD FRANKLIN",
			"tools": [
				"FrameWorkPOS",
				"Metasploit",
				"Meterpreter",
				"Mimikatz",
				"PowerSploit",
				"PowerUpSQL",
				"RemCom"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "6fbff48b-7a3e-4e54-ac22-b10f11e32337",
			"created_at": "2022-10-25T16:07:23.318008Z",
			"updated_at": "2026-04-10T02:00:04.539063Z",
			"deleted_at": null,
			"main_name": "APT 4",
			"aliases": [
				"APT 4",
				"Bronze Edison",
				"Maverick Panda",
				"Salmon Typhoo",
				"Sodium",
				"Sykipot",
				"TG-0623",
				"Wisp Team"
			],
			"source_name": "ETDA:APT 4",
			"tools": [
				"Getkys",
				"Sykipot",
				"Wkysol",
				"XMRig"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "4632103e-8035-4a83-9ecb-c1e12e21288c",
			"created_at": "2022-10-25T16:07:23.542255Z",
			"updated_at": "2026-04-10T02:00:04.64888Z",
			"deleted_at": null,
			"main_name": "DNSpionage",
			"aliases": [],
			"source_name": "ETDA:DNSpionage",
			"tools": [
				"Agent Drable",
				"AgentDrable",
				"CACTUSPIPE",
				"DNSpionage",
				"DropperBackdoor",
				"Karkoff",
				"MailDropper",
				"OILYFACE"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "732597b1-40a8-474c-88cc-eb8a421c29f1",
			"created_at": "2025-08-07T02:03:25.087732Z",
			"updated_at": "2026-04-10T02:00:03.776007Z",
			"deleted_at": null,
			"main_name": "NICKEL GLADSTONE",
			"aliases": [
				"APT38 ",
				"ATK 117 ",
				"Alluring Pisces ",
				"Black Alicanto ",
				"Bluenoroff ",
				"CTG-6459 ",
				"Citrine Sleet ",
				"HIDDEN COBRA ",
				"Lazarus Group",
				"Sapphire Sleet ",
				"Selective Pisces ",
				"Stardust Chollima ",
				"T-APT-15 ",
				"TA444 ",
				"TAG-71 "
			],
			"source_name": "Secureworks:NICKEL GLADSTONE",
			"tools": [
				"AlphaNC",
				"Bankshot",
				"CCGC_Proxy",
				"Ratankba",
				"RustBucket",
				"SUGARLOADER",
				"SwiftLoader",
				"Wcry"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "75024aad-424b-449a-b286-352fe9226bcb",
			"created_at": "2023-01-06T13:46:38.962724Z",
			"updated_at": "2026-04-10T02:00:03.164536Z",
			"deleted_at": null,
			"main_name": "BlackTech",
			"aliases": [
				"CIRCUIT PANDA",
				"Temp.Overboard",
				"Palmerworm",
				"G0098",
				"T-APT-03",
				"Manga Taurus",
				"Earth Hundun",
				"Mobwork",
				"HUAPI",
				"Red Djinn",
				"Canary Typhoon"
			],
			"source_name": "MISPGALAXY:BlackTech",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "83025f5e-302e-46b0-baf6-650a4d313dfc",
			"created_at": "2024-05-01T02:03:07.971863Z",
			"updated_at": "2026-04-10T02:00:03.743131Z",
			"deleted_at": null,
			"main_name": "BRONZE MOHAWK",
			"aliases": [
				"APT40 ",
				"GADOLINIUM ",
				"Gingham Typhoon ",
				"Kryptonite Panda ",
				"Leviathan ",
				"Nanhaishu ",
				"Pickleworm ",
				"Red Ladon ",
				"TA423 ",
				"Temp.Jumper ",
				"Temp.Periscope "
			],
			"source_name": "Secureworks:BRONZE MOHAWK",
			"tools": [
				"AIRBREAK",
				"BlackCoffee",
				"China Chopper",
				"Cobalt Strike",
				"DadJoke",
				"Donut",
				"FUSIONBLAZE",
				"GreenCrash",
				"Meterpreter",
				"Nanhaishu",
				"Orz",
				"SeDll"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "c2ef6b18-12c4-4879-a408-be4c9b03eb6e",
			"created_at": "2022-10-25T16:07:24.055115Z",
			"updated_at": "2026-04-10T02:00:04.852387Z",
			"deleted_at": null,
			"main_name": "PittyTiger",
			"aliases": [
				"G0011",
				"Operation The Eye of the Tiger",
				"Pitty Panda",
				"PittyTiger"
			],
			"source_name": "ETDA:PittyTiger",
			"tools": [
				"AngryRebel",
				"Chymine",
				"Darkmoon",
				"Enfal",
				"Farfli",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"Leo RAT",
				"Lurid",
				"Mimikatz",
				"Moudour",
				"Mydoor",
				"PCRat",
				"Paladin",
				"Paladin RAT",
				"Pitty",
				"PittyTiger RAT",
				"Poison Ivy",
				"ReRol",
				"SPIVY",
				"gsecdump",
				"pgift",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "386b1b0a-9217-46d4-a0d6-73d6286154e0",
			"created_at": "2025-08-07T02:03:24.760429Z",
			"updated_at": "2026-04-10T02:00:03.619131Z",
			"deleted_at": null,
			"main_name": "COBALT LYCEUM",
			"aliases": [
				"DEV-0133 ",
				"HEXANE ",
				"ScorchedEpoch "
			],
			"source_name": "Secureworks:COBALT LYCEUM",
			"tools": [
				"DanBot",
				"MilanRAT",
				"RGDoor",
				"SharkWork RAT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "31da1b1f-743b-40ef-bd17-1e07c5500392",
			"created_at": "2024-06-19T02:00:04.382822Z",
			"updated_at": "2026-04-10T02:00:03.655982Z",
			"deleted_at": null,
			"main_name": "UAC-0020",
			"aliases": [
				"SickSync",
				"Vermin"
			],
			"source_name": "MISPGALAXY:UAC-0020",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "eb5915d6-49a0-464d-9e4e-e1e2d3d31bc7",
			"created_at": "2025-03-29T02:05:20.764715Z",
			"updated_at": "2026-04-10T02:00:03.851829Z",
			"deleted_at": null,
			"main_name": "GOLD WYMAN",
			"aliases": [
				"Silence "
			],
			"source_name": "Secureworks:GOLD WYMAN",
			"tools": [
				"Silence"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "67b2c161-5a04-4e3d-8ce7-cce457a4a17b",
			"created_at": "2025-08-07T02:03:24.722093Z",
			"updated_at": "2026-04-10T02:00:03.681914Z",
			"deleted_at": null,
			"main_name": "COBALT EDGEWATER",
			"aliases": [
				"APT34 ",
				"Cold River ",
				"DNSpionage "
			],
			"source_name": "Secureworks:COBALT EDGEWATER",
			"tools": [
				"AgentDrable",
				"DNSpionage",
				"Karkoff",
				"MailDropper",
				"SideTwist",
				"TWOTONE"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "c786e025-c267-40bd-9491-328da70811a5",
			"created_at": "2025-08-07T02:03:24.736817Z",
			"updated_at": "2026-04-10T02:00:03.752071Z",
			"deleted_at": null,
			"main_name": "COBALT GYPSY",
			"aliases": [
				"APT34 ",
				"CHRYSENE ",
				"Crambus ",
				"EUROPIUM ",
				"Hazel Sandstorm ",
				"Helix Kitten ",
				"ITG13 ",
				"OilRig ",
				"Yellow Maero "
			],
			"source_name": "Secureworks:COBALT GYPSY",
			"tools": [
				"Glimpse",
				"Helminth",
				"Jason",
				"MacDownloader",
				"PoisonFrog",
				"RGDoor",
				"ThreeDollars",
				"TinyZbot",
				"Toxocara",
				"Trichuris",
				"TwoFace"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "54e55585-1025-49d2-9de8-90fc7a631f45",
			"created_at": "2025-08-07T02:03:24.563488Z",
			"updated_at": "2026-04-10T02:00:03.715427Z",
			"deleted_at": null,
			"main_name": "BRONZE BUTLER",
			"aliases": [
				"CTG-2006 ",
				"Daserf",
				"Stalker Panda ",
				"Swirl Typhoon ",
				"Tick "
			],
			"source_name": "Secureworks:BRONZE BUTLER",
			"tools": [
				"ABK",
				"BBK",
				"Casper",
				"DGet",
				"Daserf",
				"Datper",
				"Ghostdown",
				"Gofarer",
				"MSGet",
				"Mimikatz",
				"Netboy",
				"RarStar",
				"Screen Capture Tool",
				"ShadowPad",
				"ShadowPy",
				"T-SMB",
				"down_new",
				"gsecdump"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "a66438a8-ebf6-4397-9ad5-ed07f93330aa",
			"created_at": "2022-10-25T16:47:55.919702Z",
			"updated_at": "2026-04-10T02:00:03.618194Z",
			"deleted_at": null,
			"main_name": "IRON VIKING",
			"aliases": [
				"APT44 ",
				"ATK14 ",
				"BlackEnergy Group",
				"Blue Echidna ",
				"CTG-7263 ",
				"ELECTRUM ",
				"FROZENBARENTS ",
				"Hades/OlympicDestroyer ",
				"IRIDIUM ",
				"Qudedagh ",
				"Sandworm Team ",
				"Seashell Blizzard ",
				"TEMP.Noble ",
				"Telebots ",
				"Voodoo Bear "
			],
			"source_name": "Secureworks:IRON VIKING",
			"tools": [
				"BadRabbit",
				"BlackEnergy",
				"GCat",
				"NotPetya",
				"PSCrypt",
				"TeleBot",
				"TeleDoor",
				"xData"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "3b93ef3c-2baf-429e-9ccc-fb80d0046c3b",
			"created_at": "2025-08-07T02:03:24.569066Z",
			"updated_at": "2026-04-10T02:00:03.730864Z",
			"deleted_at": null,
			"main_name": "BRONZE CANAL",
			"aliases": [
				"BlackTech",
				"CTG-6177 ",
				"Circuit Panda ",
				"Earth Hundun",
				"Palmerworm ",
				"Red Djinn",
				"Shrouded Crossbow "
			],
			"source_name": "Secureworks:BRONZE CANAL",
			"tools": [
				"Bifrose",
				"DRIGO",
				"Deuterbear",
				"Flagpro",
				"Gh0stTimes",
				"KIVARS",
				"PLEAD",
				"Spiderpig",
				"Waterbear",
				"XBOW"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "2a24d664-6a72-4b4c-9f54-1553b64c453c",
			"created_at": "2025-08-07T02:03:24.553048Z",
			"updated_at": "2026-04-10T02:00:03.787296Z",
			"deleted_at": null,
			"main_name": "BRONZE ATLAS",
			"aliases": [
				"APT41 ",
				"BARIUM ",
				"Blackfly ",
				"Brass Typhoon",
				"CTG-2633",
				"Earth Baku ",
				"GREF",
				"Group 72 ",
				"Red Kelpie ",
				"TA415 ",
				"TG-2633 ",
				"Wicked Panda ",
				"Winnti"
			],
			"source_name": "Secureworks:BRONZE ATLAS",
			"tools": [
				"Acehash",
				"CCleaner v5.33 backdoor",
				"ChinaChopper",
				"Cobalt Strike",
				"DUSTPAN",
				"Dicey MSDN",
				"Dodgebox",
				"ForkPlayground",
				"HUC Proxy Malware (Htran)"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "ee39ecf0-d311-49e5-b0ae-3e3d71f71def",
			"created_at": "2025-08-07T02:03:24.626625Z",
			"updated_at": "2026-04-10T02:00:03.605175Z",
			"deleted_at": null,
			"main_name": "BRONZE KEYSTONE",
			"aliases": [
				"APT17 ",
				"Aurora Panda ",
				"DeputyDog ",
				"Group 72 ",
				"Hidden Lynx ",
				"TG-8153 ",
				"Tailgater Team"
			],
			"source_name": "Secureworks:BRONZE KEYSTONE",
			"tools": [
				"9002",
				"BlackCoffee",
				"DeputyDog",
				"Derusbi",
				"Gh0stHTTPSDropper",
				"HiKit",
				"InternalCMD",
				"PlugX",
				"PoisonIvy",
				"ZxShell"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "593dd07d-853c-46cd-8117-e24061034bbf",
			"created_at": "2025-08-07T02:03:24.648074Z",
			"updated_at": "2026-04-10T02:00:03.625859Z",
			"deleted_at": null,
			"main_name": "BRONZE OVERBROOK",
			"aliases": [
				"Danti ",
				"DragonOK ",
				"Samurai Panda ",
				"Shallow Taurus ",
				"Temp.DragonOK "
			],
			"source_name": "Secureworks:BRONZE OVERBROOK",
			"tools": [
				"Aveo",
				"DDKONG",
				"Godzilla Webshell",
				"HelloBridge",
				"IsSpace",
				"NFLog Trojan",
				"PLAINTEE",
				"PlugX",
				"Rambo"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "6daadf00-952c-408a-89be-aa490d891743",
			"created_at": "2025-08-07T02:03:24.654882Z",
			"updated_at": "2026-04-10T02:00:03.645565Z",
			"deleted_at": null,
			"main_name": "BRONZE PRESIDENT",
			"aliases": [
				"Earth Preta ",
				"HoneyMyte ",
				"Mustang Panda ",
				"Red Delta ",
				"Red Lich ",
				"Stately Taurus ",
				"TA416 ",
				"Temp.Hex ",
				"Twill Typhoon "
			],
			"source_name": "Secureworks:BRONZE PRESIDENT",
			"tools": [
				"BlueShell",
				"China Chopper",
				"Claimloader",
				"Cobalt Strike",
				"HIUPAN",
				"ORat",
				"PTSOCKET",
				"PUBLOAD",
				"PlugX",
				"RCSession",
				"TONESHELL",
				"TinyNote"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "cf826655-5fcb-4331-bdc5-5ef267db9d3c",
			"created_at": "2025-08-07T02:03:24.631402Z",
			"updated_at": "2026-04-10T02:00:03.608938Z",
			"deleted_at": null,
			"main_name": "BRONZE MAYFAIR",
			"aliases": [
				"APT3 ",
				"Gothic Panda ",
				"Pirpi",
				"TG-0110 ",
				"UPSTeam"
			],
			"source_name": "Secureworks:BRONZE MAYFAIR",
			"tools": [
				"Cookiecutter",
				"HUC Proxy Malware (Htran)",
				"Pirpi",
				"PlugX",
				"SplitVPN",
				"UPS",
				"ctt",
				"ctx"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "1d63fba2-f042-41ca-8a72-64c6e737d295",
			"created_at": "2025-08-07T02:03:24.643647Z",
			"updated_at": "2026-04-10T02:00:03.719558Z",
			"deleted_at": null,
			"main_name": "BRONZE OLIVE",
			"aliases": [
				"APT22 ",
				"Barista",
				"Group 46 ",
				"Suckfly "
			],
			"source_name": "Secureworks:BRONZE OLIVE",
			"tools": [
				"Angryrebel",
				"DestroyRAT",
				"PlugX"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "04b07437-41bb-4126-bcbb-def16f19d7c6",
			"created_at": "2022-10-25T16:07:24.232628Z",
			"updated_at": "2026-04-10T02:00:04.906097Z",
			"deleted_at": null,
			"main_name": "Stone Panda",
			"aliases": [
				"APT 10",
				"ATK 41",
				"Bronze Riverside",
				"CTG-5938",
				"CVNX",
				"Cuckoo Spear",
				"Earth Kasha",
				"G0045",
				"G0093",
				"Granite Taurus",
				"Happyyongzi",
				"Hogfish",
				"ITG01",
				"Operation A41APT",
				"Operation Cache Panda",
				"Operation ChessMaster",
				"Operation Cloud Hopper",
				"Operation Cuckoo Spear",
				"Operation New Battle",
				"Operation Soft Cell",
				"Operation TradeSecret",
				"Potassium",
				"Purple Typhoon",
				"Red Apollo",
				"Stone Panda",
				"TA429",
				"menuPass",
				"menuPass Team"
			],
			"source_name": "ETDA:Stone Panda",
			"tools": [
				"Agent.dhwf",
				"Agentemis",
				"Anel",
				"AngryRebel",
				"BKDR_EVILOGE",
				"BKDR_HGDER",
				"BKDR_NVICM",
				"BUGJUICE",
				"CHINACHOPPER",
				"ChChes",
				"China Chopper",
				"Chymine",
				"CinaRAT",
				"Cobalt Strike",
				"CobaltStrike",
				"DARKTOWN",
				"DESLoader",
				"DILLJUICE",
				"DILLWEED",
				"Darkmoon",
				"DelfsCake",
				"Derusbi",
				"Destroy RAT",
				"DestroyRAT",
				"Ecipekac",
				"Emdivi",
				"EvilGrab",
				"EvilGrab RAT",
				"FYAnti",
				"Farfli",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"GreetCake",
				"HAYMAKER",
				"HEAVYHAND",
				"HEAVYPOT",
				"HTran",
				"HUC Packet Transmit Tool",
				"Ham Backdoor",
				"HiddenFace",
				"Impacket",
				"Invoke the Hash",
				"KABOB",
				"Kaba",
				"Korplug",
				"LODEINFO",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"MiS-Type",
				"Mimikatz",
				"Moudour",
				"Mydoor",
				"NBTscan",
				"NOOPDOOR",
				"Newsripper",
				"P8RAT",
				"PCRat",
				"PlugX",
				"Poison Ivy",
				"Poldat",
				"PowerSploit",
				"PowerView",
				"PsExec",
				"PsList",
				"Quarks PwDump",
				"Quasar RAT",
				"QuasarRAT",
				"RedDelta",
				"RedLeaves",
				"Rubeus",
				"SNUGRIDE",
				"SPIVY",
				"SharpSploit",
				"SigLoader",
				"SinoChopper",
				"SodaMaster",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trochilus RAT",
				"UpperCut",
				"Vidgrab",
				"WinRAR",
				"WmiExec",
				"Wmonder",
				"Xamtrav",
				"Yggdrasil",
				"Zlib",
				"certutil",
				"certutil.exe",
				"cobeacon",
				"dfls",
				"lena",
				"nbtscan",
				"pivy",
				"poisonivy",
				"pwdump"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "c63ab035-f9f2-4723-959b-97a7b98b5942",
			"created_at": "2023-01-06T13:46:38.298354Z",
			"updated_at": "2026-04-10T02:00:02.917311Z",
			"deleted_at": null,
			"main_name": "APT27",
			"aliases": [
				"BRONZE UNION",
				"Circle Typhoon",
				"Linen Typhoon",
				"TEMP.Hippo",
				"Budworm",
				"Lucky Mouse",
				"G0027",
				"GreedyTaotie",
				"Red Phoenix",
				"Iron Tiger",
				"Iron Taurus",
				"Earth Smilodon",
				"TG-3390",
				"EMISSARY PANDA",
				"Group 35",
				"ZipToken"
			],
			"source_name": "MISPGALAXY:APT27",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "254f2fab-5834-4d90-9205-d80e63d6d867",
			"created_at": "2023-01-06T13:46:38.31544Z",
			"updated_at": "2026-04-10T02:00:02.924166Z",
			"deleted_at": null,
			"main_name": "APT21",
			"aliases": [
				"HAMMER PANDA",
				"TEMP.Zhenbao",
				"NetTraveler"
			],
			"source_name": "MISPGALAXY:APT21",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "46b3c0fc-fa0c-4d63-a38a-b33a524561fb",
			"created_at": "2023-01-06T13:46:38.393409Z",
			"updated_at": "2026-04-10T02:00:02.955738Z",
			"deleted_at": null,
			"main_name": "APT29",
			"aliases": [
				"Cloaked Ursa",
				"TA421",
				"Blue Kitsune",
				"BlueBravo",
				"IRON HEMLOCK",
				"G0016",
				"Nobelium",
				"Group 100",
				"YTTRIUM",
				"Grizzly Steppe",
				"ATK7",
				"ITG11",
				"COZY BEAR",
				"The Dukes",
				"Minidionis",
				"UAC-0029",
				"SeaDuke"
			],
			"source_name": "MISPGALAXY:APT29",
			"tools": [
				"SNOWYAMBER",
				"HALFRIG",
				"QUARTERRIG"
			],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "67709937-2186-4a32-b64c-a5693d40ac77",
			"created_at": "2023-01-06T13:46:38.495593Z",
			"updated_at": "2026-04-10T02:00:02.999196Z",
			"deleted_at": null,
			"main_name": "OilRig",
			"aliases": [
				"Crambus",
				"Helix Kitten",
				"APT34",
				"IRN2",
				"ATK40",
				"G0049",
				"EUROPIUM",
				"TA452",
				"Twisted Kitten",
				"Cobalt Gypsy",
				"APT 34",
				"Evasive Serpens",
				"Hazel Sandstorm",
				"Earth Simnavaz"
			],
			"source_name": "MISPGALAXY:OilRig",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6bba8e81-73af-4010-86dc-d43c408ca342",
			"created_at": "2023-01-06T13:46:38.553459Z",
			"updated_at": "2026-04-10T02:00:03.021597Z",
			"deleted_at": null,
			"main_name": "Greenbug",
			"aliases": [],
			"source_name": "MISPGALAXY:Greenbug",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "578f8e62-2bb4-4ce4-a8b7-6c868fa29724",
			"created_at": "2022-10-25T16:07:24.344358Z",
			"updated_at": "2026-04-10T02:00:04.947834Z",
			"deleted_at": null,
			"main_name": "Tropic Trooper",
			"aliases": [
				"APT 23",
				"Bronze Hobart",
				"Earth Centaur",
				"G0081",
				"KeyBoy",
				"Operation Tropic Trooper",
				"Pirate Panda",
				"Tropic Trooper"
			],
			"source_name": "ETDA:Tropic Trooper",
			"tools": [
				"8.t Dropper",
				"8.t RTF exploit builder",
				"8t_dropper",
				"ByPassGodzilla",
				"CHINACHOPPER",
				"CREDRIVER",
				"China Chopper",
				"Chymine",
				"Darkmoon",
				"Gen:Trojan.Heur.PT",
				"KeyBoy",
				"Neo-reGeorg",
				"PCShare",
				"POISONPLUG.SHADOW",
				"Poison Ivy",
				"RoyalRoad",
				"SPIVY",
				"ShadowPad Winnti",
				"SinoChopper",
				"Swor",
				"TSSL",
				"USBferry",
				"W32/Seeav",
				"Winsloader",
				"XShellGhost",
				"Yahoyah",
				"fscan",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "56384d06-abc2-4853-8440-db4d7b7d1b5f",
			"created_at": "2023-01-06T13:46:39.367122Z",
			"updated_at": "2026-04-10T02:00:03.303733Z",
			"deleted_at": null,
			"main_name": "EXOTIC LILY",
			"aliases": [
				"DEV-0413"
			],
			"source_name": "MISPGALAXY:EXOTIC LILY",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "86182dd7-646c-49c5-91a6-4b62fd2119a7",
			"created_at": "2025-08-07T02:03:24.617638Z",
			"updated_at": "2026-04-10T02:00:03.738499Z",
			"deleted_at": null,
			"main_name": "BRONZE HOBART",
			"aliases": [
				"APT23",
				"Earth Centaur ",
				"KeyBoy ",
				"Pirate Panda ",
				"Red Orthrus ",
				"TA413 ",
				"Tropic Trooper "
			],
			"source_name": "Secureworks:BRONZE HOBART",
			"tools": [
				"Crowdoor",
				"DSNGInstaller",
				"KeyBoy",
				"LOWZERO",
				"Mofu",
				"Pfine",
				"Sepulcher",
				"Xiangoop Loader",
				"Yahaoyah"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "59be3740-c8c7-47aa-84c8-e80d0cb7ea3a",
			"created_at": "2022-10-25T15:50:23.481057Z",
			"updated_at": "2026-04-10T02:00:05.306469Z",
			"deleted_at": null,
			"main_name": "Leviathan",
			"aliases": [
				"MUDCARP",
				"Kryptonite Panda",
				"Gadolinium",
				"BRONZE MOHAWK",
				"TEMP.Jumper",
				"APT40",
				"TEMP.Periscope",
				"Gingham Typhoon"
			],
			"source_name": "MITRE:Leviathan",
			"tools": [
				"Windows Credential Editor",
				"BITSAdmin",
				"HOMEFRY",
				"Derusbi",
				"at",
				"BLACKCOFFEE",
				"BADFLICK",
				"gh0st RAT",
				"PowerSploit",
				"MURKYTOP",
				"NanHaiShu",
				"Orz",
				"Cobalt Strike",
				"China Chopper"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "ba3fff0c-3ba0-4855-9eeb-1af9ee18136a",
			"created_at": "2022-10-25T15:50:23.298889Z",
			"updated_at": "2026-04-10T02:00:05.316886Z",
			"deleted_at": null,
			"main_name": "menuPass",
			"aliases": [
				"menuPass",
				"POTASSIUM",
				"Stone Panda",
				"APT10",
				"Red Apollo",
				"CVNX",
				"HOGFISH",
				"BRONZE RIVERSIDE"
			],
			"source_name": "MITRE:menuPass",
			"tools": [
				"certutil",
				"FYAnti",
				"UPPERCUT",
				"SNUGRIDE",
				"P8RAT",
				"RedLeaves",
				"SodaMaster",
				"pwdump",
				"Mimikatz",
				"PlugX",
				"PowerSploit",
				"ChChes",
				"cmd",
				"QuasarRAT",
				"AdFind",
				"Cobalt Strike",
				"PoisonIvy",
				"EvilGrab",
				"esentutl",
				"Impacket",
				"Ecipekac",
				"PsExec",
				"HUI Loader"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "ee3363a4-e807-4f95-97d8-b603c31b9de1",
			"created_at": "2023-01-06T13:46:38.485884Z",
			"updated_at": "2026-04-10T02:00:02.99385Z",
			"deleted_at": null,
			"main_name": "FIN6",
			"aliases": [
				"SKELETON SPIDER",
				"ITG08",
				"MageCart Group 6",
				"ATK88",
				"TA4557",
				"Storm-0538",
				"White Giant",
				"GOLD FRANKLIN",
				"G0037",
				"Camouflage Tempest"
			],
			"source_name": "MISPGALAXY:FIN6",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "5c74936a-79d1-41b8-81eb-01d03c90a26b",
			"created_at": "2022-10-25T16:07:23.371052Z",
			"updated_at": "2026-04-10T02:00:04.570621Z",
			"deleted_at": null,
			"main_name": "Axiom",
			"aliases": [
				"G0001",
				"Group 72",
				"Operation SMN"
			],
			"source_name": "ETDA:Axiom",
			"tools": [
				"9002 RAT",
				"Agent.dhwf",
				"AngryRebel",
				"BlackCoffee",
				"BleDoor",
				"Chymine",
				"Darkmoon",
				"DeputyDog",
				"Derusbi",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"Fexel",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"Gresim",
				"HOMEUNIX",
				"HiKit",
				"HidraQ",
				"Homux",
				"Hydraq",
				"Kaba",
				"Korplug",
				"McRAT",
				"MdmBot",
				"Moudour",
				"Mydoor",
				"PCRat",
				"PNGRAT",
				"PlugX",
				"Poison Ivy",
				"RbDoor",
				"RedDelta",
				"RibDoor",
				"Roarur",
				"SPIVY",
				"Sensocode",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Winnti",
				"Xamtrav",
				"ZXShell",
				"Zox",
				"ZoxPNG",
				"ZoxRPC",
				"gresim",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "340d1673-0678-4e1f-8b75-30da2f65cc80",
			"created_at": "2022-10-25T16:07:23.552036Z",
			"updated_at": "2026-04-10T02:00:04.653109Z",
			"deleted_at": null,
			"main_name": "DragonOK",
			"aliases": [
				"Bronze Overbrook",
				"G0017",
				"Shallow Taurus"
			],
			"source_name": "ETDA:DragonOK",
			"tools": [
				"Agent.dhwf",
				"CT",
				"Chymine",
				"Darkmoon",
				"Destroy RAT",
				"DestroyRAT",
				"FF-RAT",
				"FormerFirstRAT",
				"Gen:Trojan.Heur.PT",
				"HTran",
				"HUC Packet Transmit Tool",
				"HelloBridge",
				"IsSpace",
				"KHRAT",
				"Kaba",
				"Korplug",
				"Mongall",
				"NFlog",
				"NewCT",
				"NfLog RAT",
				"PlugX",
				"Poison Ivy",
				"Rambo",
				"RedDelta",
				"SPIVY",
				"Sogu",
				"SysGet",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"TidePool",
				"Xamtrav",
				"brebsd",
				"ffrat",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "730dfa6e-572d-473c-9267-ea1597d1a42b",
			"created_at": "2023-01-06T13:46:38.389985Z",
			"updated_at": "2026-04-10T02:00:02.954105Z",
			"deleted_at": null,
			"main_name": "APT28",
			"aliases": [
				"Pawn Storm",
				"ATK5",
				"Fighting Ursa",
				"Blue Athena",
				"TA422",
				"T-APT-12",
				"APT-C-20",
				"UAC-0001",
				"IRON TWILIGHT",
				"SIG40",
				"UAC-0028",
				"Sofacy",
				"BlueDelta",
				"Fancy Bear",
				"GruesomeLarch",
				"Group 74",
				"ITG05",
				"FROZENLAKE",
				"Forest Blizzard",
				"FANCY BEAR",
				"Sednit",
				"SNAKEMACKEREL",
				"Tsar Team",
				"TG-4127",
				"STRONTIUM",
				"Grizzly Steppe",
				"G0007"
			],
			"source_name": "MISPGALAXY:APT28",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a2b92056-9378-4749-926b-7e10c4500dac",
			"created_at": "2023-01-06T13:46:38.430595Z",
			"updated_at": "2026-04-10T02:00:02.971571Z",
			"deleted_at": null,
			"main_name": "Lazarus Group",
			"aliases": [
				"Operation DarkSeoul",
				"Bureau 121",
				"Group 77",
				"APT38",
				"NICKEL GLADSTONE",
				"G0082",
				"COPERNICIUM",
				"Moonstone Sleet",
				"Operation GhostSecret",
				"APT 38",
				"Appleworm",
				"Unit 121",
				"ATK3",
				"G0032",
				"ATK117",
				"NewRomanic Cyber Army Team",
				"Nickel Academy",
				"Sapphire Sleet",
				"Lazarus group",
				"Hastati Group",
				"Subgroup: Bluenoroff",
				"Operation Troy",
				"Black Artemis",
				"Dark Seoul",
				"Andariel",
				"Labyrinth Chollima",
				"Operation AppleJeus",
				"COVELLITE",
				"Citrine Sleet",
				"DEV-0139",
				"DEV-1222",
				"Hidden Cobra",
				"Bluenoroff",
				"Stardust Chollima",
				"Whois Hacking Team",
				"Diamond Sleet",
				"TA404",
				"BeagleBoyz",
				"APT-C-26"
			],
			"source_name": "MISPGALAXY:Lazarus Group",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "f9bc28d0-ce98-4991-84ae-5036e5f9d4e3",
			"created_at": "2022-10-25T16:07:24.546437Z",
			"updated_at": "2026-04-10T02:00:05.029564Z",
			"deleted_at": null,
			"main_name": "Roaming Mantis",
			"aliases": [
				"Roaming Mantis Group",
				"Shaoye"
			],
			"source_name": "ETDA:Roaming Mantis",
			"tools": [
				"MoqHao",
				"Roaming Mantis",
				"SmsSpy",
				"Wroba",
				"XLoader"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "7d5531e2-0ad1-4237-beed-af009035576f",
			"created_at": "2024-05-01T02:03:07.977868Z",
			"updated_at": "2026-04-10T02:00:03.817883Z",
			"deleted_at": null,
			"main_name": "BRONZE PALACE",
			"aliases": [
				"APT15 ",
				"BRONZE DAVENPORT ",
				"BRONZE IDLEWOOD ",
				"CTG-6119 ",
				"CTG-6119 ",
				"CTG-9246 ",
				"Ke3chang ",
				"NICKEL ",
				"Nylon Typhoon ",
				"Playful Dragon",
				"Vixen Panda "
			],
			"source_name": "Secureworks:BRONZE PALACE",
			"tools": [
				"BMW",
				"BS2005",
				"Enfal",
				"Mirage",
				"RoyalCLI",
				"RoyalDNS"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "771d9263-076e-4b6e-bd58-92b6555eb739",
			"created_at": "2025-08-07T02:03:25.092436Z",
			"updated_at": "2026-04-10T02:00:03.758541Z",
			"deleted_at": null,
			"main_name": "NICKEL HYATT",
			"aliases": [
				"APT45 ",
				"Andariel",
				"Dark Seoul",
				"Jumpy Pisces ",
				"Onyx Sleet ",
				"RIFLE Campaign",
				"Silent Chollima ",
				"Stonefly ",
				"UN614 "
			],
			"source_name": "Secureworks:NICKEL HYATT",
			"tools": [
				"ActiveX 0-day",
				"DTrack",
				"HazyLoad",
				"HotCriossant",
				"Rifle",
				"UnitBot",
				"Valefor"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "c93a7f58-3f75-487c-9bd6-e705b73fc07f",
			"created_at": "2023-01-06T13:46:38.330916Z",
			"updated_at": "2026-04-10T02:00:02.931171Z",
			"deleted_at": null,
			"main_name": "RADIO PANDA",
			"aliases": [
				"Shrouded Crossbow"
			],
			"source_name": "MISPGALAXY:RADIO PANDA",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "32a223a8-3c79-4146-87c5-8557d38662ae",
			"created_at": "2022-10-25T15:50:23.703698Z",
			"updated_at": "2026-04-10T02:00:05.261989Z",
			"deleted_at": null,
			"main_name": "Lazarus Group",
			"aliases": [
				"Lazarus Group",
				"Labyrinth Chollima",
				"HIDDEN COBRA",
				"Guardians of Peace",
				"NICKEL ACADEMY",
				"Diamond Sleet"
			],
			"source_name": "MITRE:Lazarus Group",
			"tools": [
				"RawDisk",
				"Proxysvc",
				"BADCALL",
				"FALLCHILL",
				"WannaCry",
				"MagicRAT",
				"HOPLIGHT",
				"TYPEFRAME",
				"Dtrack",
				"HotCroissant",
				"HARDRAIN",
				"Dacls",
				"KEYMARBLE",
				"TAINTEDSCRIBE",
				"AuditCred",
				"netsh",
				"ECCENTRICBANDWAGON",
				"AppleJeus",
				"BLINDINGCAN",
				"ThreatNeedle",
				"Volgmer",
				"Cryptoistic",
				"RATANKBA",
				"Bankshot"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "f426f0a0-faef-4c0e-bcf8-88974116c9d0",
			"created_at": "2022-10-25T15:50:23.240383Z",
			"updated_at": "2026-04-10T02:00:05.299433Z",
			"deleted_at": null,
			"main_name": "APT38",
			"aliases": [
				"APT38",
				"NICKEL GLADSTONE",
				"BeagleBoyz",
				"Bluenoroff",
				"Stardust Chollima",
				"Sapphire Sleet",
				"COPERNICIUM"
			],
			"source_name": "MITRE:APT38",
			"tools": [
				"ECCENTRICBANDWAGON",
				"HOPLIGHT",
				"Mimikatz",
				"KillDisk",
				"DarkComet"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "b399b5f1-42d3-4b53-8c73-d448fce6ab43",
			"created_at": "2025-08-07T02:03:24.68371Z",
			"updated_at": "2026-04-10T02:00:03.64323Z",
			"deleted_at": null,
			"main_name": "BRONZE UNION",
			"aliases": [
				"APT27 ",
				"Bowser",
				"Budworm ",
				"Circle Typhoon ",
				"Emissary Panda ",
				"Group35",
				"Iron Tiger ",
				"Linen Typhoon ",
				"Lucky Mouse ",
				"TG-3390 ",
				"Temp.Hippo "
			],
			"source_name": "Secureworks:BRONZE UNION",
			"tools": [
				"AbcShell",
				"China Chopper",
				"EAGERBEE",
				"Gh0st RAT",
				"OwaAuth",
				"PhantomNet",
				"PoisonIvy",
				"Sysupdate",
				"Wonknu",
				"Wrapikatz",
				"ZxShell",
				"reGeorg"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "88e53203-891a-46f8-9ced-81d874a271c4",
			"created_at": "2022-10-25T16:07:24.191982Z",
			"updated_at": "2026-04-10T02:00:04.895327Z",
			"deleted_at": null,
			"main_name": "Silence",
			"aliases": [
				"ATK 86",
				"Contract Crew",
				"G0091",
				"TAG-CR8",
				"TEMP.TruthTeller",
				"Whisper Spider"
			],
			"source_name": "ETDA:Silence",
			"tools": [
				"EDA",
				"EmpireDNSAgent",
				"Farse",
				"Ivoke",
				"Kikothac",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Meterpreter",
				"ProxyBot",
				"ReconModule",
				"Silence.Downloader",
				"TiniMet",
				"TinyMet",
				"TrueBot",
				"xfs-disp.exe"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "9baa7519-772a-4862-b412-6f0463691b89",
			"created_at": "2022-10-25T15:50:23.354429Z",
			"updated_at": "2026-04-10T02:00:05.310361Z",
			"deleted_at": null,
			"main_name": "Mustang Panda",
			"aliases": [
				"Mustang Panda",
				"TA416",
				"RedDelta",
				"BRONZE PRESIDENT",
				"STATELY TAURUS",
				"FIREANT",
				"CAMARO DRAGON",
				"EARTH PRETA",
				"HIVE0154",
				"TWILL TYPHOON",
				"TANTALUM",
				"LUMINOUS MOTH",
				"UNC6384",
				"TEMP.Hex",
				"Red Lich"
			],
			"source_name": "MITRE:Mustang Panda",
			"tools": [
				"CANONSTAGER",
				"STATICPLUGIN",
				"ShadowPad",
				"TONESHELL",
				"Cobalt Strike",
				"HIUPAN",
				"Impacket",
				"SplatCloak",
				"PAKLOG",
				"Wevtutil",
				"AdFind",
				"CLAIMLOADER",
				"Mimikatz",
				"PUBLOAD",
				"StarProxy",
				"CorKLOG",
				"RCSession",
				"NBTscan",
				"PoisonIvy",
				"SplatDropper",
				"China Chopper",
				"PlugX"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "5da6b5fd-1955-412a-81aa-069fb50b6e31",
			"created_at": "2025-08-07T02:03:25.116085Z",
			"updated_at": "2026-04-10T02:00:03.668978Z",
			"deleted_at": null,
			"main_name": "TIN WOODLAWN",
			"aliases": [
				"APT32 ",
				"Cobalt Kitty",
				"OceanLotus",
				"WOODLAWN "
			],
			"source_name": "Secureworks:TIN WOODLAWN",
			"tools": [
				"Cobalt Strike",
				"Denis",
				"Goopy",
				"JEShell",
				"KerrDown",
				"Mimikatz",
				"Ratsnif",
				"Remy",
				"Rizzo",
				"RolandRAT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "99cb4e5b-8071-4f9e-aa1d-45bfbb6197e3",
			"created_at": "2023-01-06T13:46:38.860754Z",
			"updated_at": "2026-04-10T02:00:03.125179Z",
			"deleted_at": null,
			"main_name": "TA505",
			"aliases": [
				"SectorJ04",
				"SectorJ04 Group",
				"ATK103",
				"GRACEFUL SPIDER",
				"GOLD TAHOE",
				"Dudear",
				"G0092",
				"Hive0065",
				"CHIMBORAZO",
				"Spandex Tempest"
			],
			"source_name": "MISPGALAXY:TA505",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "1bdb91cf-f1a6-4bed-8cfa-c7ea1b635ebd",
			"created_at": "2022-10-25T16:07:23.766784Z",
			"updated_at": "2026-04-10T02:00:04.7432Z",
			"deleted_at": null,
			"main_name": "Bluenoroff",
			"aliases": [
				"APT 38",
				"ATK 117",
				"Alluring Pisces",
				"Black Alicanto",
				"Bluenoroff",
				"CTG-6459",
				"Copernicium",
				"G0082",
				"Nickel Gladstone",
				"Sapphire Sleet",
				"Selective Pisces",
				"Stardust Chollima",
				"T-APT-15",
				"TA444",
				"TAG-71",
				"TEMP.Hermit"
			],
			"source_name": "ETDA:Bluenoroff",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "5c13338b-eaed-429a-9437-f5015aa98276",
			"created_at": "2022-10-25T16:07:23.582715Z",
			"updated_at": "2026-04-10T02:00:04.675765Z",
			"deleted_at": null,
			"main_name": "Emissary Panda",
			"aliases": [
				"APT 27",
				"ATK 15",
				"Bronze Union",
				"Budworm",
				"Circle Typhoon",
				"Earth Smilodon",
				"Emissary Panda",
				"G0027",
				"Group 35",
				"Iron Taurus",
				"Iron Tiger",
				"Linen Typhoon",
				"LuckyMouse",
				"Operation DRBControl",
				"Operation Iron Tiger",
				"Operation PZChao",
				"Operation SpoiledLegacy",
				"Operation StealthyTrident",
				"Red Phoenix",
				"TEMP.Hippo",
				"TG-3390",
				"ZipToken"
			],
			"source_name": "ETDA:Emissary Panda",
			"tools": [
				"ASPXSpy",
				"ASPXTool",
				"Agent.dhwf",
				"AngryRebel",
				"Antak",
				"CHINACHOPPER",
				"China Chopper",
				"Destroy RAT",
				"DestroyRAT",
				"FOCUSFJORD",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"HTTPBrowser",
				"HTran",
				"HUC Packet Transmit Tool",
				"HighShell",
				"HttpBrowser RAT",
				"HttpDump",
				"HyperBro",
				"HyperSSL",
				"HyperShell",
				"Kaba",
				"Korplug",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Mimikatz",
				"Moudour",
				"Mydoor",
				"Nishang",
				"OwaAuth",
				"PCRat",
				"PlugX",
				"ProcDump",
				"PsExec",
				"RedDelta",
				"SEASHARPEE",
				"Sensocode",
				"SinoChopper",
				"Sogu",
				"SysUpdate",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Token Control",
				"TokenControl",
				"TwoFace",
				"WCE",
				"Windows Credential Editor",
				"Windows Credentials Editor",
				"Xamtrav",
				"ZXShell",
				"gsecdump",
				"luckyowa"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d4e7cd9a-2290-4f89-a645-85b9a46d004b",
			"created_at": "2022-10-25T16:07:23.419513Z",
			"updated_at": "2026-04-10T02:00:04.591062Z",
			"deleted_at": null,
			"main_name": "Bronze Butler",
			"aliases": [
				"Bronze Butler",
				"CTG-2006",
				"G0060",
				"Operation ENDTRADE",
				"RedBaldNight",
				"Stalker Panda",
				"Stalker Taurus",
				"Swirl Typhoon",
				"TEMP.Tick",
				"Tick"
			],
			"source_name": "ETDA:Bronze Butler",
			"tools": [
				"8.t Dropper",
				"8.t RTF exploit builder",
				"8t_dropper",
				"9002 RAT",
				"AngryRebel",
				"Blogspot",
				"Daserf",
				"Datper",
				"Elirks",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"HOMEUNIX",
				"HidraQ",
				"HomamDownloader",
				"Homux",
				"Hydraq",
				"Lilith",
				"Lilith RAT",
				"McRAT",
				"MdmBot",
				"Mimikatz",
				"Minzen",
				"Moudour",
				"Muirim",
				"Mydoor",
				"Nioupale",
				"PCRat",
				"POISONPLUG.SHADOW",
				"Roarur",
				"RoyalRoad",
				"ShadowPad Winnti",
				"ShadowWali",
				"ShadowWalker",
				"SymonLoader",
				"WCE",
				"Wali",
				"Windows Credential Editor",
				"Windows Credentials Editor",
				"XShellGhost",
				"XXMM",
				"gsecdump",
				"rarstar"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "2439ad53-39cc-4fff-8fdf-4028d65803c0",
			"created_at": "2022-10-25T16:07:23.353204Z",
			"updated_at": "2026-04-10T02:00:04.55407Z",
			"deleted_at": null,
			"main_name": "APT 32",
			"aliases": [
				"APT 32",
				"APT-C-00",
				"APT-LY-100",
				"ATK 17",
				"G0050",
				"Lotus Bane",
				"Ocean Buffalo",
				"OceanLotus",
				"Operation Cobalt Kitty",
				"Operation PhantomLance",
				"Pond Loach",
				"SeaLotus",
				"SectorF01",
				"Tin Woodlawn"
			],
			"source_name": "ETDA:APT 32",
			"tools": [
				"Agentemis",
				"Android.Backdoor.736.origin",
				"AtNow",
				"Backdoor.MacOS.OCEANLOTUS.F",
				"BadCake",
				"CACTUSTORCH",
				"CamCapture Plugin",
				"CinaRAT",
				"Cobalt Strike",
				"CobaltStrike",
				"Cuegoe",
				"DKMC",
				"Denis",
				"Goopy",
				"HiddenLotus",
				"KOMPROGO",
				"KerrDown",
				"METALJACK",
				"MSFvenom",
				"Mimikatz",
				"Nishang",
				"OSX_OCEANLOTUS.D",
				"OceanLotus",
				"PHOREAL",
				"PWNDROID1",
				"PhantomLance",
				"PowerSploit",
				"Quasar RAT",
				"QuasarRAT",
				"RatSnif",
				"Remy",
				"Remy RAT",
				"Rizzo",
				"Roland",
				"Roland RAT",
				"SOUNDBITE",
				"Salgorea",
				"Splinter RAT",
				"Terracotta VPN",
				"Yggdrasil",
				"cobeacon",
				"denesRAT",
				"fingerprintjs2"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "02c9f3f6-5d10-456b-9e63-750286048149",
			"created_at": "2022-10-25T16:07:23.722884Z",
			"updated_at": "2026-04-10T02:00:04.72726Z",
			"deleted_at": null,
			"main_name": "Inception Framework",
			"aliases": [
				"ATK 116",
				"Blue Odin",
				"Clean Ursa",
				"Cloud Atlas",
				"G0100",
				"Inception Framework",
				"Operation Cloud Atlas",
				"Operation RedOctober",
				"The Rocra"
			],
			"source_name": "ETDA:Inception Framework",
			"tools": [
				"Lastacloud",
				"PowerShower",
				"VBShower"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "2ee03999-5432-4a65-a850-c543b4fefc3d",
			"created_at": "2022-10-25T16:07:23.882813Z",
			"updated_at": "2026-04-10T02:00:04.776949Z",
			"deleted_at": null,
			"main_name": "Mustang Panda",
			"aliases": [
				"Bronze President",
				"Camaro Dragon",
				"Earth Preta",
				"G0129",
				"Hive0154",
				"HoneyMyte",
				"Mustang Panda",
				"Operation SMUGX",
				"Operation SmugX",
				"PKPLUG",
				"Red Lich",
				"Stately Taurus",
				"TEMP.Hex",
				"Twill Typhoon"
			],
			"source_name": "ETDA:Mustang Panda",
			"tools": [
				"9002 RAT",
				"AdFind",
				"Agent.dhwf",
				"Agentemis",
				"CHINACHOPPER",
				"China Chopper",
				"Chymine",
				"ClaimLoader",
				"Cobalt Strike",
				"CobaltStrike",
				"DCSync",
				"DOPLUGS",
				"Darkmoon",
				"Destroy RAT",
				"DestroyRAT",
				"Farseer",
				"Gen:Trojan.Heur.PT",
				"HOMEUNIX",
				"Hdump",
				"HenBox",
				"HidraQ",
				"Hodur",
				"Homux",
				"HopperTick",
				"Hydraq",
				"Impacket",
				"Kaba",
				"Korplug",
				"LadonGo",
				"MQsTTang",
				"McRAT",
				"MdmBot",
				"Mimikatz",
				"NBTscan",
				"NetSess",
				"Netview",
				"Orat",
				"POISONPLUG.SHADOW",
				"PUBLOAD",
				"PVE Find AD Users",
				"PlugX",
				"Poison Ivy",
				"PowerView",
				"QMAGENT",
				"RCSession",
				"RedDelta",
				"Roarur",
				"SPIVY",
				"ShadowPad Winnti",
				"SinoChopper",
				"Sogu",
				"TIGERPLUG",
				"TONEINS",
				"TONESHELL",
				"TVT",
				"TeamViewer",
				"Thoper",
				"TinyNote",
				"WispRider",
				"WmiExec",
				"XShellGhost",
				"Xamtrav",
				"Zupdax",
				"cobeacon",
				"nbtscan",
				"nmap",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e447d393-c259-46e2-9932-19be2ba67149",
			"created_at": "2022-10-25T16:07:24.28282Z",
			"updated_at": "2026-04-10T02:00:04.921616Z",
			"deleted_at": null,
			"main_name": "TA505",
			"aliases": [
				"ATK 103",
				"Chimborazo",
				"G0092",
				"Gold Evergreen",
				"Gold Tahoe",
				"Graceful Spider",
				"Hive0065",
				"Operation Tovar",
				"Operation Trident Breach",
				"SectorJ04",
				"Spandex Tempest",
				"TA505",
				"TEMP.Warlock"
			],
			"source_name": "ETDA:TA505",
			"tools": [
				"Amadey",
				"AmmyyRAT",
				"AndroMut",
				"Azer",
				"Bart",
				"Bugat v5",
				"CryptFile2",
				"CryptoLocker",
				"CryptoMix",
				"CryptoShield",
				"Dridex",
				"Dudear",
				"EmailStealer",
				"FRIENDSPEAK",
				"Fake Globe",
				"Fareit",
				"FlawedAmmyy",
				"FlawedGrace",
				"FlowerPippi",
				"GOZ",
				"GameOver Zeus",
				"GazGolder",
				"Gelup",
				"Get2",
				"GetandGo",
				"GlobeImposter",
				"Gorhax",
				"GraceWire",
				"Gussdoor",
				"Jaff",
				"Kasidet",
				"Kegotip",
				"Kneber",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Locky",
				"MINEBRIDGE",
				"MINEBRIDGE RAT",
				"MirrorBlast",
				"Neutrino Bot",
				"Neutrino Exploit Kit",
				"P2P Zeus",
				"Peer-to-Peer Zeus",
				"Philadelphia",
				"Philadephia Ransom",
				"Pony Loader",
				"Rakhni",
				"ReflectiveGnome",
				"Remote Manipulator System",
				"RockLoader",
				"RuRAT",
				"SDBbot",
				"ServHelper",
				"Shifu",
				"Siplog",
				"TeslaGun",
				"TiniMet",
				"TinyMet",
				"Trojan.Zbot",
				"Wsnpoem",
				"Zbot",
				"Zeta",
				"ZeuS",
				"Zeus"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "e3767160-695d-4360-8b2e-d5274db3f7cd",
			"created_at": "2022-10-25T16:47:55.914348Z",
			"updated_at": "2026-04-10T02:00:03.610018Z",
			"deleted_at": null,
			"main_name": "IRON TWILIGHT",
			"aliases": [
				"APT28 ",
				"ATK5 ",
				"Blue Athena ",
				"BlueDelta ",
				"FROZENLAKE ",
				"Fancy Bear ",
				"Fighting Ursa ",
				"Forest Blizzard ",
				"GRAPHITE ",
				"Group 74 ",
				"PawnStorm ",
				"STRONTIUM ",
				"Sednit ",
				"Snakemackerel ",
				"Sofacy ",
				"TA422 ",
				"TG-4127 ",
				"Tsar Team ",
				"UAC-0001 "
			],
			"source_name": "Secureworks:IRON TWILIGHT",
			"tools": [
				"Downdelph",
				"EVILTOSS",
				"SEDUPLOADER",
				"SHARPFRONT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "236a8303-bf12-4787-b6d0-549b44271a19",
			"created_at": "2024-06-04T02:03:07.966137Z",
			"updated_at": "2026-04-10T02:00:03.706923Z",
			"deleted_at": null,
			"main_name": "IRON TILDEN",
			"aliases": [
				"ACTINIUM ",
				"Aqua Blizzard ",
				"Armageddon",
				"Blue Otso ",
				"BlueAlpha ",
				"Dancing Salome ",
				"Gamaredon",
				"Gamaredon Group",
				"Hive0051 ",
				"Primitive Bear ",
				"Shuckworm ",
				"Trident Ursa ",
				"UAC-0010 ",
				"UNC530 ",
				"WinterFlounder "
			],
			"source_name": "Secureworks:IRON TILDEN",
			"tools": [
				"Pterodo"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "ae320ed7-9a63-42ed-944b-44ada7313495",
			"created_at": "2022-10-25T15:50:23.671663Z",
			"updated_at": "2026-04-10T02:00:05.283292Z",
			"deleted_at": null,
			"main_name": "APT28",
			"aliases": [
				"APT28",
				"IRON TWILIGHT",
				"SNAKEMACKEREL",
				"Group 74",
				"Sednit",
				"Sofacy",
				"Pawn Storm",
				"Fancy Bear",
				"STRONTIUM",
				"Tsar Team",
				"Threat Group-4127",
				"TG-4127",
				"Forest Blizzard",
				"FROZENLAKE",
				"GruesomeLarch"
			],
			"source_name": "MITRE:APT28",
			"tools": [
				"Wevtutil",
				"certutil",
				"Forfiles",
				"DealersChoice",
				"Mimikatz",
				"ADVSTORESHELL",
				"Komplex",
				"HIDEDRV",
				"JHUHUGIT",
				"Koadic",
				"Winexe",
				"cipher.exe",
				"XTunnel",
				"Drovorub",
				"CORESHELL",
				"OLDBAIT",
				"Downdelph",
				"XAgentOSX",
				"USBStealer",
				"Zebrocy",
				"reGeorg",
				"Fysbis",
				"LoJax"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "20d3a08a-3b97-4b2f-90b8-92a89089a57a",
			"created_at": "2022-10-25T15:50:23.548494Z",
			"updated_at": "2026-04-10T02:00:05.292748Z",
			"deleted_at": null,
			"main_name": "APT29",
			"aliases": [
				"APT29",
				"IRON RITUAL",
				"IRON HEMLOCK",
				"NobleBaron",
				"Dark Halo",
				"NOBELIUM",
				"UNC2452",
				"YTTRIUM",
				"The Dukes",
				"Cozy Bear",
				"CozyDuke",
				"SolarStorm",
				"Blue Kitsune",
				"UNC3524",
				"Midnight Blizzard"
			],
			"source_name": "MITRE:APT29",
			"tools": [
				"PinchDuke",
				"ROADTools",
				"WellMail",
				"CozyCar",
				"Mimikatz",
				"Tasklist",
				"OnionDuke",
				"FatDuke",
				"POSHSPY",
				"EnvyScout",
				"SoreFang",
				"GeminiDuke",
				"reGeorg",
				"GoldMax",
				"FoggyWeb",
				"SDelete",
				"PolyglotDuke",
				"AADInternals",
				"MiniDuke",
				"SeaDuke",
				"Sibot",
				"RegDuke",
				"CloudDuke",
				"GoldFinder",
				"AdFind",
				"PsExec",
				"NativeZone",
				"Systeminfo",
				"ipconfig",
				"Impacket",
				"Cobalt Strike",
				"PowerDuke",
				"QUIETEXIT",
				"HAMMERTOSS",
				"BoomBox",
				"CosmicDuke",
				"WellMess",
				"VaporRage",
				"LiteDuke"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "b3e954e8-8bbb-46f3-84de-d6f12dc7e1a6",
			"created_at": "2022-10-25T15:50:23.339976Z",
			"updated_at": "2026-04-10T02:00:05.27483Z",
			"deleted_at": null,
			"main_name": "Sandworm Team",
			"aliases": [
				"Sandworm Team",
				"ELECTRUM",
				"Telebots",
				"IRON VIKING",
				"BlackEnergy (Group)",
				"Quedagh",
				"Voodoo Bear",
				"IRIDIUM",
				"Seashell Blizzard",
				"FROZENBARENTS",
				"APT44"
			],
			"source_name": "MITRE:Sandworm Team",
			"tools": [
				"Bad Rabbit",
				"Mimikatz",
				"Exaramel for Linux",
				"Exaramel for Windows",
				"GreyEnergy",
				"PsExec",
				"Prestige",
				"P.A.S. Webshell",
				"AcidPour",
				"VPNFilter",
				"Neo-reGeorg",
				"Cyclops Blink",
				"SDelete",
				"Kapeka",
				"AcidRain",
				"Industroyer",
				"Industroyer2",
				"BlackEnergy",
				"Cobalt Strike",
				"NotPetya",
				"KillDisk",
				"PoshC2",
				"Impacket",
				"Invoke-PSImage",
				"Olympic Destroyer"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "236429ce-6355-43f6-9b58-e6803a1df3f4",
			"created_at": "2026-03-16T02:02:50.60344Z",
			"updated_at": "2026-04-10T02:00:03.641587Z",
			"deleted_at": null,
			"main_name": "Bronze Union",
			"aliases": [
				"Circle Typhoon ",
				"Emissary Panda "
			],
			"source_name": "Secureworks:Bronze Union",
			"tools": [
				"China Chopper",
				"OwaAuth",
				"Sysupdate"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "06f622cb-3a78-49cf-9a4c-a6007a69325f",
			"created_at": "2022-10-25T16:07:23.315239Z",
			"updated_at": "2026-04-10T02:00:04.537826Z",
			"deleted_at": null,
			"main_name": "APT 3",
			"aliases": [
				"APT 3",
				"Boron",
				"Brocade Typhoon",
				"Bronze Mayfair",
				"Buckeye",
				"G0022",
				"Gothic Panda",
				"Group 6",
				"Operation Clandestine Fox",
				"Operation Clandestine Fox, Part Deux",
				"Operation Clandestine Wolf",
				"Operation Double Tap",
				"Red Sylvan",
				"TG-0110",
				"UPS Team"
			],
			"source_name": "ETDA:APT 3",
			"tools": [
				"APT3 Keylogger",
				"Agent.dhwf",
				"BKDR_HUPIGON",
				"Backdoor.APT.CookieCutter",
				"Badey",
				"Bemstour",
				"CookieCutter",
				"Destroy RAT",
				"DestroyRAT",
				"DoublePulsar",
				"EXL",
				"EternalBlue",
				"HTran",
				"HUC Packet Transmit Tool",
				"Hupigon",
				"Hupigon RAT",
				"Kaba",
				"Korplug",
				"LaZagne",
				"MFC Huner",
				"OSInfo",
				"Pirpi",
				"PlugX",
				"RedDelta",
				"RemoteCMD",
				"SHOTPUT",
				"Sogu",
				"TIGERPLUG",
				"TTCalc",
				"TVT",
				"Thoper",
				"Xamtrav",
				"remotecmd",
				"shareip",
				"w32times"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "d2516b8e-e74f-490d-8a15-43ad6763c7ab",
			"created_at": "2022-10-25T16:07:24.212584Z",
			"updated_at": "2026-04-10T02:00:04.900038Z",
			"deleted_at": null,
			"main_name": "Sofacy",
			"aliases": [
				"APT 28",
				"ATK 5",
				"Blue Athena",
				"BlueDelta",
				"FROZENLAKE",
				"Fancy Bear",
				"Fighting Ursa",
				"Forest Blizzard",
				"G0007",
				"Grey-Cloud",
				"Grizzly Steppe",
				"Group 74",
				"GruesomeLarch",
				"ITG05",
				"Iron Twilight",
				"Operation DealersChoice",
				"Operation Dear Joohn",
				"Operation Komplex",
				"Operation Pawn Storm",
				"Operation RoundPress",
				"Operation Russian Doll",
				"Operation Steal-It",
				"Pawn Storm",
				"SIG40",
				"Sednit",
				"Snakemackerel",
				"Sofacy",
				"Strontium",
				"T-APT-12",
				"TA422",
				"TAG-0700",
				"TAG-110",
				"TG-4127",
				"Tsar Team",
				"UAC-0028",
				"UAC-0063"
			],
			"source_name": "ETDA:Sofacy",
			"tools": [
				"ADVSTORESHELL",
				"AZZY",
				"Backdoor.SofacyX",
				"CHERRYSPY",
				"CORESHELL",
				"Carberp",
				"Computrace",
				"DealersChoice",
				"Delphacy",
				"Downdelph",
				"Downrage",
				"Drovorub",
				"EVILTOSS",
				"Foozer",
				"GAMEFISH",
				"GooseEgg",
				"Graphite",
				"HATVIBE",
				"HIDEDRV",
				"Headlace",
				"Impacket",
				"JHUHUGIT",
				"JKEYSKW",
				"Koadic",
				"Komplex",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"LoJack",
				"LoJax",
				"MASEPIE",
				"Mimikatz",
				"NETUI",
				"Nimcy",
				"OCEANMAP",
				"OLDBAIT",
				"PocoDown",
				"PocoDownloader",
				"Popr-d30",
				"ProcDump",
				"PythocyDbg",
				"SMBExec",
				"SOURFACE",
				"SPLM",
				"STEELHOOK",
				"Sasfis",
				"Sedkit",
				"Sednit",
				"Sedreco",
				"Seduploader",
				"Shunnael",
				"SkinnyBoy",
				"Sofacy",
				"SofacyCarberp",
				"SpiderLabs Responder",
				"Trojan.Shunnael",
				"Trojan.Sofacy",
				"USB Stealer",
				"USBStealer",
				"VPNFilter",
				"Win32/USBStealer",
				"WinIDS",
				"Winexe",
				"X-Agent",
				"X-Tunnel",
				"XAPS",
				"XTunnel",
				"Xagent",
				"Zebrocy",
				"Zekapab",
				"carberplike",
				"certutil",
				"certutil.exe",
				"fysbis",
				"webhp"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b6436f7b-6012-4969-aed1-d440e2e8b238",
			"created_at": "2022-10-25T16:07:23.91517Z",
			"updated_at": "2026-04-10T02:00:04.788408Z",
			"deleted_at": null,
			"main_name": "OilRig",
			"aliases": [
				"APT 34",
				"ATK 40",
				"Chrysene",
				"Cobalt Gypsy",
				"Crambus",
				"DEV-0861",
				"EUROPIUM",
				"Earth Simnavaz",
				"Evasive Serpens",
				"G0049",
				"Hazel Sandstorm",
				"Helix Kitten",
				"IRN2",
				"ITG13",
				"Scarred Manticore",
				"Storm-0861",
				"TA452",
				"Twisted Kitten",
				"UNC1860",
				"Yellow Maero"
			],
			"source_name": "ETDA:OilRig",
			"tools": [
				"AMATIAS",
				"Agent Drable",
				"Agent Injector",
				"AgentDrable",
				"Alma Communicator",
				"BONDUPDATER",
				"CACTUSPIPE",
				"Clayslide",
				"CypherRat",
				"DNSExfitrator",
				"DNSpionage",
				"DROPSHOT",
				"DistTrack",
				"DropperBackdoor",
				"Fox Panel",
				"GREYSTUFF",
				"GoogleDrive RAT",
				"HighShell",
				"HyperShell",
				"ISMAgent",
				"ISMDoor",
				"ISMInjector",
				"Jason",
				"Karkoff",
				"LIONTAIL",
				"LOLBAS",
				"LOLBins",
				"LONGWATCH",
				"LaZagne",
				"Living off the Land",
				"MailDropper",
				"Mimikatz",
				"MrPerfectInstaller",
				"OILYFACE",
				"OopsIE",
				"POWBAT",
				"POWRUNER",
				"Plink",
				"Poison Frog",
				"PowerExchange",
				"PsList",
				"PuTTY Link",
				"QUADAGENT",
				"RDAT",
				"RGDoor",
				"SEASHARPEE",
				"Saitama",
				"Saitama Backdoor",
				"Shamoon",
				"SideTwist",
				"SpyNote",
				"SpyNote RAT",
				"StoneDrill",
				"TONEDEAF",
				"TONEDEAF 2.0",
				"ThreeDollars",
				"TwoFace",
				"VALUEVAULT",
				"Webmask",
				"WinRAR",
				"ZEROCLEAR",
				"ZeroCleare",
				"certutil",
				"certutil.exe"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "86fd71d3-06dc-4b73-b038-cedea7b83bac",
			"created_at": "2022-10-25T16:07:23.330793Z",
			"updated_at": "2026-04-10T02:00:04.545236Z",
			"deleted_at": null,
			"main_name": "APT 17",
			"aliases": [
				"APT 17",
				"ATK 2",
				"Beijing Group",
				"Bronze Keystone",
				"Deputy Dog",
				"Elderwood",
				"Elderwood Gang",
				"G0025",
				"G0066",
				"Operation Aurora",
				"Operation DeputyDog",
				"Operation Ephemeral Hydra",
				"Operation RAT Cook",
				"SIG22",
				"Sneaky Panda",
				"TEMP.Avengers",
				"TG-8153",
				"Tailgater Team"
			],
			"source_name": "ETDA:APT 17",
			"tools": [
				"9002 RAT",
				"AGENT.ABQMR",
				"AGENT.AQUP.DROPPER",
				"AGENT.BMZA",
				"AGENT.GUNZ",
				"Agent.dhwf",
				"AngryRebel",
				"BlackCoffee",
				"Briba",
				"Chymine",
				"Comfoo",
				"Comfoo RAT",
				"Darkmoon",
				"DeputyDog",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"Fexel",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"Gresim",
				"HOMEUNIX",
				"HiKit",
				"HidraQ",
				"Homux",
				"Hydraq",
				"Jumpall",
				"Kaba",
				"Korplug",
				"Linfo",
				"MCRAT.A",
				"McRAT",
				"MdmBot",
				"Mdmbot.E",
				"Moudour",
				"Mydoor",
				"Naid",
				"Nerex",
				"PCRat",
				"PNGRAT",
				"Pasam",
				"PlugX",
				"Poison Ivy",
				"RedDelta",
				"Roarur",
				"SPIVY",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trojan.Naid",
				"Vasport",
				"Wiarp",
				"Xamtrav",
				"Zox",
				"ZoxPNG",
				"ZoxRPC",
				"gresim",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b9806584-4d82-4f32-ae97-18a2583e8d11",
			"created_at": "2022-10-25T16:07:23.787833Z",
			"updated_at": "2026-04-10T02:00:04.749709Z",
			"deleted_at": null,
			"main_name": "Leviathan",
			"aliases": [
				"APT 40",
				"ATK 29",
				"Bronze Mohawk",
				"G0065",
				"Gadolinium",
				"Gingham Typhoon",
				"ISLANDDREAMS",
				"ITG09",
				"Jumper Taurus",
				"Kryptonite Panda",
				"Mudcarp",
				"Red Ladon",
				"TA423",
				"TEMP.Jumper",
				"TEMP.Periscope"
			],
			"source_name": "ETDA:Leviathan",
			"tools": [
				"AIRBREAK",
				"Agent.dhwf",
				"Agentemis",
				"AngryRebel",
				"BADFLICK",
				"BlackCoffee",
				"CHINACHOPPER",
				"China Chopper",
				"Cobalt Strike",
				"CobaltStrike",
				"DADJOKE",
				"Dadstache",
				"Derusbi",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"GRILLMARK",
				"Gh0st RAT",
				"Ghost RAT",
				"HOMEFRY",
				"Hellsing Backdoor",
				"Kaba",
				"Korplug",
				"LOLBAS",
				"LOLBins",
				"LUNCHMONEY",
				"Living off the Land",
				"MURKYTOP",
				"Moudour",
				"Mydoor",
				"NanHaiShu",
				"Orz",
				"PCRat",
				"PNGRAT",
				"PlugX",
				"RedDelta",
				"SeDLL",
				"Sensocode",
				"SinoChopper",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"WCE",
				"Windows Credential Editor",
				"Windows Credentials Editor",
				"Xamtrav",
				"ZXShell",
				"ZoxPNG",
				"cobeacon",
				"gresim",
				"scanbox"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "f32df445-9fb4-4234-99e0-3561f6498e4e",
			"created_at": "2022-10-25T16:07:23.756373Z",
			"updated_at": "2026-04-10T02:00:04.739611Z",
			"deleted_at": null,
			"main_name": "Lazarus Group",
			"aliases": [
				"APT-C-26",
				"ATK 3",
				"Appleworm",
				"Citrine Sleet",
				"DEV-0139",
				"Diamond Sleet",
				"G0032",
				"Gleaming Pisces",
				"Gods Apostles",
				"Gods Disciples",
				"Group 77",
				"Guardians of Peace",
				"Hastati Group",
				"Hidden Cobra",
				"ITG03",
				"Jade Sleet",
				"Labyrinth Chollima",
				"Lazarus Group",
				"NewRomanic Cyber Army Team",
				"Operation 99",
				"Operation AppleJeus",
				"Operation AppleJeus sequel",
				"Operation Blockbuster: Breach of Sony Pictures Entertainment",
				"Operation CryptoCore",
				"Operation Dream Job",
				"Operation Dream Magic",
				"Operation Flame",
				"Operation GhostSecret",
				"Operation In(ter)caption",
				"Operation LolZarus",
				"Operation Marstech Mayhem",
				"Operation No Pineapple!",
				"Operation North Star",
				"Operation Phantom Circuit",
				"Operation Sharpshooter",
				"Operation SyncHole",
				"Operation Ten Days of Rain / DarkSeoul",
				"Operation Troy",
				"SectorA01",
				"Slow Pisces",
				"TA404",
				"TraderTraitor",
				"UNC2970",
				"UNC4034",
				"UNC4736",
				"UNC4899",
				"UNC577",
				"Whois Hacking Team"
			],
			"source_name": "ETDA:Lazarus Group",
			"tools": [
				"3CX Backdoor",
				"3Rat Client",
				"3proxy",
				"AIRDRY",
				"ARTFULPIE",
				"ATMDtrack",
				"AlphaNC",
				"Alreay",
				"Andaratm",
				"AngryRebel",
				"AppleJeus",
				"Aryan",
				"AuditCred",
				"BADCALL",
				"BISTROMATH",
				"BLINDINGCAN",
				"BTC Changer",
				"BUFFETLINE",
				"BanSwift",
				"Bankshot",
				"Bitrep",
				"Bitsran",
				"BlindToad",
				"Bookcode",
				"BootWreck",
				"BottomLoader",
				"Brambul",
				"BravoNC",
				"Breut",
				"COLDCAT",
				"COPPERHEDGE",
				"CROWDEDFLOUNDER",
				"Castov",
				"CheeseTray",
				"CleanToad",
				"ClientTraficForwarder",
				"CollectionRAT",
				"Concealment Troy",
				"Contopee",
				"CookieTime",
				"Cyruslish",
				"DAVESHELL",
				"DBLL Dropper",
				"DLRAT",
				"DRATzarus",
				"DRATzarus RAT",
				"Dacls",
				"Dacls RAT",
				"DarkComet",
				"DarkKomet",
				"DeltaCharlie",
				"DeltaNC",
				"Dembr",
				"Destover",
				"DoublePulsar",
				"Dozer",
				"Dtrack",
				"Duuzer",
				"DyePack",
				"ECCENTRICBANDWAGON",
				"ELECTRICFISH",
				"Escad",
				"EternalBlue",
				"FALLCHILL",
				"FYNLOS",
				"FallChill RAT",
				"Farfli",
				"Fimlis",
				"FoggyBrass",
				"FudModule",
				"Fynloski",
				"Gh0st RAT",
				"Ghost RAT",
				"Gopuram",
				"HARDRAIN",
				"HIDDEN COBRA RAT/Worm",
				"HLOADER",
				"HOOKSHOT",
				"HOPLIGHT",
				"HOTCROISSANT",
				"HOTWAX",
				"HTTP Troy",
				"Hawup",
				"Hawup RAT",
				"Hermes",
				"HotCroissant",
				"HotelAlfa",
				"Hotwax",
				"HtDnDownLoader",
				"Http Dr0pper",
				"ICONICSTEALER",
				"Joanap",
				"Jokra",
				"KANDYKORN",
				"KEYMARBLE",
				"Kaos",
				"KillDisk",
				"KillMBR",
				"Koredos",
				"Krademok",
				"LIGHTSHIFT",
				"LIGHTSHOW",
				"LOLBAS",
				"LOLBins",
				"Lazarus",
				"LightlessCan",
				"Living off the Land",
				"MATA",
				"MBRkiller",
				"MagicRAT",
				"Manuscrypt",
				"Mimail",
				"Mimikatz",
				"Moudour",
				"Mydoom",
				"Mydoor",
				"Mytob",
				"NACHOCHEESE",
				"NachoCheese",
				"NestEgg",
				"NickelLoader",
				"NineRAT",
				"Novarg",
				"NukeSped",
				"OpBlockBuster",
				"PCRat",
				"PEBBLEDASH",
				"PLANKWALK",
				"POOLRAT",
				"PSLogger",
				"PhanDoor",
				"Plink",
				"PondRAT",
				"PowerBrace",
				"PowerRatankba",
				"PowerShell RAT",
				"PowerSpritz",
				"PowerTask",
				"Preft",
				"ProcDump",
				"Proxysvc",
				"PuTTY Link",
				"QUICKRIDE",
				"QUICKRIDE.POWER",
				"Quickcafe",
				"QuiteRAT",
				"R-C1",
				"ROptimizer",
				"Ratabanka",
				"RatabankaPOS",
				"Ratankba",
				"RatankbaPOS",
				"RawDisk",
				"RedShawl",
				"Rifdoor",
				"Rising Sun",
				"Romeo-CoreOne",
				"RomeoAlfa",
				"RomeoBravo",
				"RomeoCharlie",
				"RomeoCore",
				"RomeoDelta",
				"RomeoEcho",
				"RomeoFoxtrot",
				"RomeoGolf",
				"RomeoHotel",
				"RomeoMike",
				"RomeoNovember",
				"RomeoWhiskey",
				"Romeos",
				"RustBucket",
				"SHADYCAT",
				"SHARPKNOT",
				"SIGFLIP",
				"SIMPLESEA",
				"SLICKSHOES",
				"SORRYBRUTE",
				"SUDDENICON",
				"SUGARLOADER",
				"SheepRAT",
				"SierraAlfa",
				"SierraBravo",
				"SierraCharlie",
				"SierraJuliett-MikeOne",
				"SierraJuliett-MikeTwo",
				"SimpleTea",
				"SimplexTea",
				"SmallTiger",
				"Stunnel",
				"TAINTEDSCRIBE",
				"TAXHAUL",
				"TFlower",
				"TOUCHKEY",
				"TOUCHMOVE",
				"TOUCHSHIFT",
				"TOUCHSHOT",
				"TWOPENCE",
				"TYPEFRAME",
				"Tdrop",
				"Tdrop2",
				"ThreatNeedle",
				"Tiger RAT",
				"TigerRAT",
				"Trojan Manuscript",
				"Troy",
				"TroyRAT",
				"VEILEDSIGNAL",
				"VHD",
				"VHD Ransomware",
				"VIVACIOUSGIFT",
				"VSingle",
				"ValeforBeta",
				"Volgmer",
				"Vyveva",
				"W1_RAT",
				"Wana Decrypt0r",
				"WanaCry",
				"WanaCrypt",
				"WanaCrypt0r",
				"WannaCry",
				"WannaCrypt",
				"WannaCryptor",
				"WbBot",
				"Wcry",
				"Win32/KillDisk.NBB",
				"Win32/KillDisk.NBC",
				"Win32/KillDisk.NBD",
				"Win32/KillDisk.NBH",
				"Win32/KillDisk.NBI",
				"WinorDLL64",
				"Winsec",
				"WolfRAT",
				"Wormhole",
				"YamaBot",
				"Yort",
				"ZetaNile",
				"concealment_troy",
				"http_troy",
				"httpdr0pper",
				"httpdropper",
				"klovbot",
				"sRDI"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434220,
	"ts_updated_at": 1775792300,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/843cdcc1b7e6380ed0606be92bede6f4a7d32564.pdf",
		"text": "https://archive.orkl.eu/843cdcc1b7e6380ed0606be92bede6f4a7d32564.txt",
		"img": "https://archive.orkl.eu/843cdcc1b7e6380ed0606be92bede6f4a7d32564.jpg"
	}
}