{
	"id": "6ae878fe-5228-4254-9c16-3ae446fb0744",
	"created_at": "2026-04-06T00:12:20.283923Z",
	"updated_at": "2026-04-10T13:11:46.657274Z",
	"deleted_at": null,
	"sha1_hash": "8930a843b96927272bfe20bec4d98db3a33e09e6",
	"title": "SHIPSHAPE (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 27706,
	"plain_text": "SHIPSHAPE (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 19:21:30 UTC\r\nSHIPSHAPE is malware developed by APT30 that allows propagation and exfiltration of data over removable\r\ndevices. APT30 may use this capability to exfiltrate data across air-gaps.\r\n[TLP:WHITE] win_shipshape_auto (20251219 | Detects win.shipshape.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.shipshape\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.shipshape\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.shipshape"
	],
	"report_names": [
		"win.shipshape"
	],
	"threat_actors": [
		{
			"id": "a9ee8219-1882-4b1b-bac8-641b1603787d",
			"created_at": "2022-10-25T15:50:23.78263Z",
			"updated_at": "2026-04-10T02:00:05.351155Z",
			"deleted_at": null,
			"main_name": "APT30",
			"aliases": [
				"APT30"
			],
			"source_name": "MITRE:APT30",
			"tools": [
				"SHIPSHAPE",
				"FLASHFLOOD",
				"NETEAGLE"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "30ed778d-15b3-484e-a90b-e1e05b36a42f",
			"created_at": "2023-01-06T13:46:38.290626Z",
			"updated_at": "2026-04-10T02:00:02.91411Z",
			"deleted_at": null,
			"main_name": "APT30",
			"aliases": [
				"G0013"
			],
			"source_name": "MISPGALAXY:APT30",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "578e92ed-3eda-45ef-b4bb-b882ec3dbb62",
			"created_at": "2025-08-07T02:03:24.604463Z",
			"updated_at": "2026-04-10T02:00:03.798481Z",
			"deleted_at": null,
			"main_name": "BRONZE GENEVA",
			"aliases": [
				"APT30",
				"BRONZE STERLING",
				"CTG-5326",
				"Naikon",
				"Override Panda",
				"RADIUM",
				"Raspberry Typhoon"
			],
			"source_name": "Secureworks:BRONZE GENEVA",
			"tools": [
				"Lecna Downloader",
				"Nebulae",
				"ShadowPad"
			],
			"source_id": "Secureworks",
			"reports": null
		}
	],
	"ts_created_at": 1775434340,
	"ts_updated_at": 1775826706,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8930a843b96927272bfe20bec4d98db3a33e09e6.pdf",
		"text": "https://archive.orkl.eu/8930a843b96927272bfe20bec4d98db3a33e09e6.txt",
		"img": "https://archive.orkl.eu/8930a843b96927272bfe20bec4d98db3a33e09e6.jpg"
	}
}