{
	"id": "4505f0a9-bd9e-48ca-a71d-6211a3e0e960",
	"created_at": "2026-04-06T00:19:01.798352Z",
	"updated_at": "2026-04-10T03:35:26.962139Z",
	"deleted_at": null,
	"sha1_hash": "b3241107ac075f4fc72ed33a9096974a3ab17d28",
	"title": "Yasso (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 35250,
	"plain_text": "Yasso (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 14:29:41 UTC\r\nwin.yasso (Back to overview)\r\nYasso\r\nAccording to Palo Alto Networks, Yasso is an open source multi-platform intranet-assisted penetration toolset that\r\nbrings together a number of features such as scanning, brute forcing, remote interactive shell, and running\r\narbitrary commands. It is authored by a Mandarin-speaking pentester nicknamed Sairson.\r\nReferences\r\n2024-09-04 ⋅ Natto Thoughts ⋅ Natto Team\r\nReconnaissance Scanning Tools Used by Chinese Threat Actors and Those Available in Open Source\r\nscanbox Ladon Yasso\r\n2023-06-16 ⋅ Palo Alto Networks: Cortex Threat Research ⋅ Lior Rochberger\r\nThrough the Cortex XDR Lens: Uncovering a New Activity Group Targeting Governments in the Middle East\r\nand Africa\r\nCHINACHOPPER Ladon Yasso CL-STA-0043\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.yasso\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.yasso\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.yasso"
	],
	"report_names": [
		"win.yasso"
	],
	"threat_actors": [
		{
			"id": "ffc66b49-9396-46af-966f-9376c4315f32",
			"created_at": "2023-11-21T02:00:07.339061Z",
			"updated_at": "2026-04-10T02:00:03.462317Z",
			"deleted_at": null,
			"main_name": "CL-STA-0043",
			"aliases": [
				"TGR-STA-0043"
			],
			"source_name": "MISPGALAXY:CL-STA-0043",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "cff2cedd-a198-4e79-ae67-19048084ae7f",
			"created_at": "2024-06-20T02:02:09.945126Z",
			"updated_at": "2026-04-10T02:00:04.79991Z",
			"deleted_at": null,
			"main_name": "Operation Diplomatic Specter",
			"aliases": [
				"CL-STA-0043",
				"TGR-STA-0043"
			],
			"source_name": "ETDA:Operation Diplomatic Specter",
			"tools": [
				"Agent Racoon",
				"Agent.dhwf",
				"AngryRebel",
				"CHINACHOPPER",
				"China Chopper",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"Gh0st RAT",
				"Ghost RAT",
				"HTran",
				"HUC Packet Transmit Tool",
				"JuicyPotatoNG",
				"Kaba",
				"Korplug",
				"LadonGo",
				"Mimikatz",
				"Mimilite",
				"Moudour",
				"Mydoor",
				"NBTscan",
				"Ntospy",
				"PCRat",
				"PlugX",
				"RedDelta",
				"SharpEfsPotato",
				"SinoChopper",
				"Sogu",
				"SweetSpecter",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"TunnelSpecter",
				"Xamtrav",
				"Yasso",
				"nbtscan"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434741,
	"ts_updated_at": 1775792126,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b3241107ac075f4fc72ed33a9096974a3ab17d28.pdf",
		"text": "https://archive.orkl.eu/b3241107ac075f4fc72ed33a9096974a3ab17d28.txt",
		"img": "https://archive.orkl.eu/b3241107ac075f4fc72ed33a9096974a3ab17d28.jpg"
	}
}