{ "id": "e727aef2-5c92-4316-ae4b-6a487af87f9f", "created_at": "2026-04-06T00:18:56.19887Z", "updated_at": "2026-04-10T03:36:08.341783Z", "deleted_at": null, "sha1_hash": "9e09f630a90f71b323b754eb74ea0d71300036bd", "title": "TerraPreter (Malware Family)", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 38294, "plain_text": "TerraPreter (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 19:35:34 UTC\r\nwin.terrapreter (Back to overview)\r\nTerraPreter\r\nThere is no description at this point.\r\nReferences\r\n2023-01-24 ⋅ eSentire ⋅ Joe Stewart, Keegan Keplinger\r\nUnmasking Venom Spider\r\nMore_eggs TerraPreter TerraLoader VenomLNK\r\n2021-04-05 ⋅ eSentire ⋅ eSentire\r\nHackers Spearphish Professionals on LinkedIn with Fake Job Offers, Infecting them with Malware, Warns\r\neSentire\r\nMore_eggs TerraPreter TerraLoader VenomLNK\r\n2020-07-09 ⋅ ESET Research ⋅ Matías Porolli\r\nMore evil: A deep look at Evilnum and its toolset\r\nEVILNUM More_eggs EVILNUM TerraPreter TerraStealer TerraTV Evilnum\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.terrapreter\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.terrapreter\r\nPage 1 of 1", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://malpedia.caad.fkie.fraunhofer.de/details/win.terrapreter" ], "report_names": [ "win.terrapreter" ], "threat_actors": [ { "id": "059b16f8-d4e0-4399-9add-18101a2fd298", "created_at": "2022-10-25T15:50:23.29434Z", "updated_at": "2026-04-10T02:00:05.380938Z", "deleted_at": null, "main_name": "Evilnum", "aliases": [ "Evilnum" ], "source_name": "MITRE:Evilnum", "tools": [ "More_eggs", "EVILNUM", "LaZagne" ], "source_id": "MITRE", "reports": null }, { "id": "f2fa9952-301f-4376-ac69-743d6f2bec1e", "created_at": "2023-01-06T13:46:39.122721Z", "updated_at": "2026-04-10T02:00:03.22231Z", "deleted_at": null, "main_name": "VENOM SPIDER", "aliases": [ "badbullz", "badbullzvenom" ], "source_name": "MISPGALAXY:VENOM SPIDER", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "8ce861d7-7fbd-4d9c-a211-367c118bfdbd", "created_at": "2023-01-06T13:46:39.153487Z", "updated_at": "2026-04-10T02:00:03.232006Z", "deleted_at": null, "main_name": "Evilnum", "aliases": [ "EvilNum", "Jointworm", "KNOCKOUT SPIDER", "DeathStalker", "TA4563" ], "source_name": "MISPGALAXY:Evilnum", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "39ea99fb-1704-445d-b5cd-81e7c99d6012", "created_at": "2022-10-25T16:07:23.601894Z", "updated_at": "2026-04-10T02:00:04.684134Z", "deleted_at": null, "main_name": "Evilnum", "aliases": [ "G0120", "Jointworm", "Operation Phantom in the [Command] Shell", "TA4563" ], "source_name": "ETDA:Evilnum", "tools": [ "Bypass-UAC", "Cardinal RAT", "ChromeCookiesView", "EVILNUM", "Evilnum", "IronPython", "LaZagne", "MailPassView", "More_eggs", "ProduKey", "PyVil", "PyVil RAT", "SONE", "SpicyOmelette", "StealerOne", "Taurus Loader Stealer Module", "Taurus Loader TeamViewer Module", "Terra Loader", "TerraPreter", "TerraStealer", "TerraTV" ], "source_id": "ETDA", "reports": null }, { "id": "7a257844-df90-4bd4-b0f1-77d00ff82802", "created_at": "2022-10-25T16:07:24.376356Z", "updated_at": "2026-04-10T02:00:04.964565Z", "deleted_at": null, "main_name": "Venom Spider", "aliases": [ "Golden Chickens", "TA4557", "Venom Spider" ], "source_name": "ETDA:Venom Spider", "tools": [ "More_eggs", "PureLocker", "SONE", "SpicyOmelette", "StealerOne", "Taurus Builder", "Taurus Builder Kit", "Taurus Loader", "Taurus Loader Reconnaissance Module", "Taurus Loader Stealer Module", "Taurus Loader TeamViewer Module", "Terra Loader", "TerraCrypt", "TerraLogger", "TerraPreter", "TerraRecon", "TerraStealer", "TerraTV", "TerraWiper", "ThreatKit", "VenomKit", "VenomLNK", "lite_more_eggs" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434736, "ts_updated_at": 1775792168, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/9e09f630a90f71b323b754eb74ea0d71300036bd.pdf", "text": "https://archive.orkl.eu/9e09f630a90f71b323b754eb74ea0d71300036bd.txt", "img": "https://archive.orkl.eu/9e09f630a90f71b323b754eb74ea0d71300036bd.jpg" } }