{
	"id": "da3416ef-598d-4c4c-972f-a623b75b3ed2",
	"created_at": "2026-04-06T00:15:18.9042Z",
	"updated_at": "2026-04-10T03:30:49.708381Z",
	"deleted_at": null,
	"sha1_hash": "8b2fd0bcc7349391cf634d22215efbb039b7ee90",
	"title": "Icefog (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 27052,
	"plain_text": "Icefog (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 23:02:15 UTC\r\nThere is no description at this point.\r\n[TLP:WHITE] win_icefog_auto (20251219 | Detects win.icefog.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.icefog\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.icefog\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.icefog"
	],
	"report_names": [
		"win.icefog"
	],
	"threat_actors": [
		{
			"id": "1aead86d-0c57-4e3b-b464-a69f6de20cde",
			"created_at": "2023-01-06T13:46:38.318176Z",
			"updated_at": "2026-04-10T02:00:02.925424Z",
			"deleted_at": null,
			"main_name": "DAGGER PANDA",
			"aliases": [
				"UAT-7290",
				"Red Foxtrot",
				"IceFog",
				"RedFoxtrot",
				"Red Wendigo",
				"PLA Unit 69010"
			],
			"source_name": "MISPGALAXY:DAGGER PANDA",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "5d9dfc61-6138-497a-b9da-33885539f19c",
			"created_at": "2022-10-25T16:07:23.720008Z",
			"updated_at": "2026-04-10T02:00:04.726002Z",
			"deleted_at": null,
			"main_name": "Icefog",
			"aliases": [
				"ATK 23",
				"Dagger Panda",
				"Icefog",
				"Red Wendigo"
			],
			"source_name": "ETDA:Icefog",
			"tools": [
				"8.t Dropper",
				"8.t RTF exploit builder",
				"8t_dropper",
				"Dagger Three",
				"Fucobha",
				"Icefog",
				"Javafog",
				"POISONPLUG.SHADOW",
				"RoyalRoad",
				"ShadowPad Winnti",
				"XShellGhost"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434518,
	"ts_updated_at": 1775791849,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/8b2fd0bcc7349391cf634d22215efbb039b7ee90.pdf",
		"text": "https://archive.orkl.eu/8b2fd0bcc7349391cf634d22215efbb039b7ee90.txt",
		"img": "https://archive.orkl.eu/8b2fd0bcc7349391cf634d22215efbb039b7ee90.jpg"
	}
}