{ "id": "14988b3b-239f-4eab-ad70-1e1d8757a5d9", "created_at": "2026-04-06T00:18:41.919166Z", "updated_at": "2026-04-10T13:12:00.272027Z", "deleted_at": null, "sha1_hash": "a203bd296538100b1a2eb4b2c894ec734893c1ad", "title": "MINEBRIDGE (Malware Family)", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 42089, "plain_text": "MINEBRIDGE (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 21:58:10 UTC\r\nwin.minebridge (Back to overview)\r\nMINEBRIDGE\r\naka: GazGolder\r\nThere is no description at this point.\r\nReferences\r\n2021-06-24 ⋅ Zscaler ⋅ Sahil Antil, Sudeep Singh\r\nDemystifying the full attack chain of MineBridge RAT\r\nMINEBRIDGE\r\n2021-03-09 ⋅ Morphisec ⋅ Alon Groisman\r\nMineBridge Is on the Rise, With a Sophisticated Delivery Mechanism\r\nMINEBRIDGE\r\n2021-02-23 ⋅ Zscaler ⋅ Sahil Antil, Sudeep Singh\r\nReturn of the MINEBRIDGE RAT With New TTPs and Social Engineering Lures\r\nMINEBRIDGE\r\n2021-01-15 ⋅ Bleeping Computer ⋅ Lawrence Abrams\r\nWindows Finger command abused by phishing to download malware\r\nMINEBRIDGE\r\n2020-03-04 ⋅ SentinelOne ⋅ Jason Reaves\r\nBreaking TA505’s Crypter with an SMT Solver\r\nClop CryptoMix MINEBRIDGE\r\n2020-02-05 ⋅ FireEye ⋅ Andrew Moore, Blaine Stancill, Genevieve Stark, Rick Cole\r\nSTOMP 2 DIS: Brilliance in the (Visual) Basics\r\nMINEBRIDGE\r\nThere is no Yara-Signature yet.\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.minebridge\r\nPage 1 of 2\n\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.minebridge\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.minebridge\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://malpedia.caad.fkie.fraunhofer.de/details/win.minebridge" ], "report_names": [ "win.minebridge" ], "threat_actors": [ { "id": "5e6b31a6-80e3-4e7d-8b0a-d94897ce9b59", "created_at": "2024-06-19T02:03:08.128175Z", "updated_at": "2026-04-10T02:00:03.636663Z", "deleted_at": null, "main_name": "GOLD TAHOE", "aliases": [ "Cl0P Group Identity", "FIN11 ", "GRACEFUL SPIDER ", "SectorJ04 ", "Spandex Tempest ", "TA505 " ], "source_name": "Secureworks:GOLD TAHOE", "tools": [ "Clop", "Cobalt Strike", "FlawedAmmy", "Get2", "GraceWire", "Malichus", "SDBbot", "ServHelper", "TrueBot" ], "source_id": "Secureworks", "reports": null }, { "id": "75d4d6a9-b5d1-4087-a7a0-e4a9587c45f4", "created_at": "2022-10-25T15:50:23.5188Z", "updated_at": "2026-04-10T02:00:05.26565Z", "deleted_at": null, "main_name": "TA505", "aliases": [ "TA505", "Hive0065", "Spandex Tempest", "CHIMBORAZO" ], "source_name": "MITRE:TA505", "tools": [ "AdFind", "Azorult", "FlawedAmmyy", "Mimikatz", "Dridex", "TrickBot", "Get2", "FlawedGrace", "Cobalt Strike", "ServHelper", "Amadey", "SDBbot", "PowerSploit" ], "source_id": "MITRE", "reports": null }, { "id": "99cb4e5b-8071-4f9e-aa1d-45bfbb6197e3", "created_at": "2023-01-06T13:46:38.860754Z", "updated_at": "2026-04-10T02:00:03.125179Z", "deleted_at": null, "main_name": "TA505", "aliases": [ "SectorJ04", "SectorJ04 Group", "ATK103", "GRACEFUL SPIDER", "GOLD TAHOE", "Dudear", "G0092", "Hive0065", "CHIMBORAZO", "Spandex Tempest" ], "source_name": "MISPGALAXY:TA505", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "e447d393-c259-46e2-9932-19be2ba67149", "created_at": "2022-10-25T16:07:24.28282Z", "updated_at": "2026-04-10T02:00:04.921616Z", "deleted_at": null, "main_name": "TA505", "aliases": [ "ATK 103", "Chimborazo", "G0092", "Gold Evergreen", "Gold Tahoe", "Graceful Spider", "Hive0065", "Operation Tovar", "Operation Trident Breach", "SectorJ04", "Spandex Tempest", "TA505", "TEMP.Warlock" ], "source_name": "ETDA:TA505", "tools": [ "Amadey", "AmmyyRAT", "AndroMut", "Azer", "Bart", "Bugat v5", "CryptFile2", "CryptoLocker", "CryptoMix", "CryptoShield", "Dridex", "Dudear", "EmailStealer", "FRIENDSPEAK", "Fake Globe", "Fareit", "FlawedAmmyy", "FlawedGrace", "FlowerPippi", "GOZ", "GameOver Zeus", "GazGolder", "Gelup", "Get2", "GetandGo", "GlobeImposter", "Gorhax", "GraceWire", "Gussdoor", "Jaff", "Kasidet", "Kegotip", "Kneber", "LOLBAS", "LOLBins", "Living off the Land", "Locky", "MINEBRIDGE", "MINEBRIDGE RAT", "MirrorBlast", "Neutrino Bot", "Neutrino Exploit Kit", "P2P Zeus", "Peer-to-Peer Zeus", "Philadelphia", "Philadephia Ransom", "Pony Loader", "Rakhni", "ReflectiveGnome", "Remote Manipulator System", "RockLoader", "RuRAT", "SDBbot", "ServHelper", "Shifu", "Siplog", "TeslaGun", "TiniMet", "TinyMet", "Trojan.Zbot", "Wsnpoem", "Zbot", "Zeta", "ZeuS", "Zeus" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434721, "ts_updated_at": 1775826720, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/a203bd296538100b1a2eb4b2c894ec734893c1ad.pdf", "text": "https://archive.orkl.eu/a203bd296538100b1a2eb4b2c894ec734893c1ad.txt", "img": "https://archive.orkl.eu/a203bd296538100b1a2eb4b2c894ec734893c1ad.jpg" } }