{
	"id": "90aca8af-f4f4-4cc2-935a-e76ff3c3046f",
	"created_at": "2026-04-06T01:32:00.2061Z",
	"updated_at": "2026-04-10T03:37:40.770098Z",
	"deleted_at": null,
	"sha1_hash": "b4af2d450e96756d585f52feea7c93dcf168a8cf",
	"title": "protections-artifacts/yara/rules/Windows_Trojan_WarmCookie.yar at main · elastic/protections-artifacts",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 194512,
	"plain_text": "protections-artifacts/yara/rules/Windows_Trojan_WarmCookie.yar at main ·\r\nelastic/protections-artifacts\r\nBy protectionsmachine\r\nArchived: 2026-04-06 00:15:00 UTC\r\nLinux_Backdoor_Bash.yar\r\nLinux_Backdoor_Fontonlake.yar\r\nLinux_Backdoor_Generic.yar\r\nLinux_Backdoor_Python.yar\r\nLinux_Backdoor_Tinyshell.yar\r\nLinux_Cryptominer_Attribute.yar\r\nLinux_Cryptominer_Bscope.yar\r\nLinux_Cryptominer_Bulz.yar\r\nLinux_Cryptominer_Camelot.yar\r\nLinux_Cryptominer_Casdet.yar\r\nLinux_Cryptominer_Ccminer.yar\r\nLinux_Cryptominer_Flystudio.yar\r\nLinux_Cryptominer_Generic.yar\r\nLinux_Cryptominer_Ksmdbot.yar\r\nLinux_Cryptominer_Loudminer.yar\r\nLinux_Cryptominer_Malxmr.yar\r\nLinux_Cryptominer_Miancha.yar\r\nLinux_Cryptominer_Minertr.yar\r\nLinux_Cryptominer_Pgminer.yar\r\nLinux_Cryptominer_Presenoker.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 1 of 27\n\nLinux_Cryptominer_Roboto.yar\r\nLinux_Cryptominer_Stak.yar\r\nLinux_Cryptominer_Ursu.yar\r\nLinux_Cryptominer_Uwamson.yar\r\nLinux_Cryptominer_Xmrig.yar\r\nLinux_Cryptominer_Xmrminer.yar\r\nLinux_Cryptominer_Xpaj.yar\r\nLinux_Cryptominer_Zexaf.yar\r\nLinux_Downloader_Generic.yar\r\nLinux_Exploit_Abrox.yar\r\nLinux_Exploit_Alie.yar\r\nLinux_Exploit_CVE_2009_1897.yar\r\nLinux_Exploit_CVE_2009_2698.yar\r\nLinux_Exploit_CVE_2009_2908.yar\r\nLinux_Exploit_CVE_2010_3301.yar\r\nLinux_Exploit_CVE_2012_0056.yar\r\nLinux_Exploit_CVE_2014_3153.yar\r\nLinux_Exploit_CVE_2016_4557.yar\r\nLinux_Exploit_CVE_2016_5195.yar\r\nLinux_Exploit_CVE_2017_100011.yar\r\nLinux_Exploit_CVE_2017_16995.yar\r\nLinux_Exploit_CVE_2018_10561.yar\r\nLinux_Exploit_CVE_2019_13272.yar\r\nLinux_Exploit_CVE_2021_3156.yar\r\nLinux_Exploit_CVE_2021_3490.yar\r\nLinux_Exploit_CVE_2021_4034.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 2 of 
27\n\nLinux_Exploit_CVE_2022_0847.yar\r\nLinux_Exploit_Cornelgen.yar\r\nLinux_Exploit_Courier.yar\r\nLinux_Exploit_Criscras.yar\r\nLinux_Exploit_Dirtycow.yar\r\nLinux_Exploit_Enoket.yar\r\nLinux_Exploit_Foda.yar\r\nLinux_Exploit_IOUring.yar\r\nLinux_Exploit_Intfour.yar\r\nLinux_Exploit_Local.yar\r\nLinux_Exploit_Log4j.yar\r\nLinux_Exploit_Lotoor.yar\r\nLinux_Exploit_Moogrey.yar\r\nLinux_Exploit_Openssl.yar\r\nLinux_Exploit_Perl.yar\r\nLinux_Exploit_Pulse.yar\r\nLinux_Exploit_Race.yar\r\nLinux_Exploit_Ramen.yar\r\nLinux_Exploit_Sorso.yar\r\nLinux_Exploit_Vmsplice.yar\r\nLinux_Exploit_Wuftpd.yar\r\nLinux_Generic_Threat.yar\r\nLinux_Hacktool_Aduh.yar\r\nLinux_Hacktool_Bruteforce.yar\r\nLinux_Hacktool_Cleanlog.yar\r\nLinux_Hacktool_Earthworm.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 3 of 27\n\nLinux_Hacktool_Exploitscan.yar\r\nLinux_Hacktool_Flooder.yar\r\nLinux_Hacktool_Fontonlake.yar\r\nLinux_Hacktool_Infectionmonkey.yar\r\nLinux_Hacktool_Lightning.yar\r\nLinux_Hacktool_LigoloNG.yar\r\nLinux_Hacktool_Outlaw.yar\r\nLinux_Hacktool_Portscan.yar\r\nLinux_Hacktool_Prochide.yar\r\nLinux_Hacktool_Tcpscan.yar\r\nLinux_Hacktool_Wipelog.yar\r\nLinux_Packer_Patched_UPX.yar\r\nLinux_Proxy_Frp.yar\r\nLinux_Ransomware_Agenda.yar\r\nLinux_Ransomware_Akira.yar\r\nLinux_Ransomware_Babuk.yar\r\nLinux_Ransomware_BlackBasta.yar\r\nLinux_Ransomware_BlackSuit.yar\r\nLinux_Ransomware_Clop.yar\r\nLinux_Ransomware_Conti.yar\r\nLinux_Ransomware_EchoRaix.yar\r\nLinux_Ransomware_Erebus.yar\r\nLinux_Ransomware_Esxiargs.yar\r\nLinux_Ransomware_Gonnacry.yar\r\nLinux_Ransomware_Hellokitty.yar\r\nLinux_Ransomware_Hive.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 4 of 
27\n\nLinux_Ransomware_ItsSoEasy.yar\r\nLinux_Ransomware_LimpDemon.yar\r\nLinux_Ransomware_Lockbit.yar\r\nLinux_Ransomware_Monti.yar\r\nLinux_Ransomware_NoEscape.yar\r\nLinux_Ransomware_Quantum.yar\r\nLinux_Ransomware_RagnarLocker.yar\r\nLinux_Ransomware_RedAlert.yar\r\nLinux_Ransomware_RoyalPest.yar\r\nLinux_Ransomware_SFile.yar\r\nLinux_Ransomware_Sodinokibi.yar\r\nLinux_Rootkit_Adore.yar\r\nLinux_Rootkit_Arkd.yar\r\nLinux_Rootkit_Bedevil.yar\r\nLinux_Rootkit_BrokePKG.yar\r\nLinux_Rootkit_Dakkatoni.yar\r\nLinux_Rootkit_Diamorphine.yar\r\nLinux_Rootkit_Flipswitch.yar\r\nLinux_Rootkit_Fontonlake.yar\r\nLinux_Rootkit_Generic.yar\r\nLinux_Rootkit_HiddenWasp.yar\r\nLinux_Rootkit_Jynx.yar\r\nLinux_Rootkit_Kovid.yar\r\nLinux_Rootkit_Melofee.yar\r\nLinux_Rootkit_Mobkit.yar\r\nLinux_Rootkit_Perfctl.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 5 of 27\n\nLinux_Rootkit_Reptile.yar\r\nLinux_Rootkit_Snapekit.yar\r\nLinux_Rootkit_Suterusu.yar\r\nLinux_Shellcode_Generic.yar\r\nLinux_Trojan_Adlibrary.yar\r\nLinux_Trojan_Asacub.yar\r\nLinux_Trojan_Autocolor.yar\r\nLinux_Trojan_Azeela.yar\r\nLinux_Trojan_BPFDoor.yar\r\nLinux_Trojan_Backconnect.yar\r\nLinux_Trojan_Backegmm.yar\r\nLinux_Trojan_Badbee.yar\r\nLinux_Trojan_Banload.yar\r\nLinux_Trojan_Bedevil.yar\r\nLinux_Trojan_Bish.yar\r\nLinux_Trojan_Bluez.yar\r\nLinux_Trojan_Cerbu.yar\r\nLinux_Trojan_Chinaz.yar\r\nLinux_Trojan_Connectback.yar\r\nLinux_Trojan_Ddostf.yar\r\nLinux_Trojan_DinodasRAT.yar\r\nLinux_Trojan_Dnsamp.yar\r\nLinux_Trojan_Dofloo.yar\r\nLinux_Trojan_Dropperl.yar\r\nLinux_Trojan_Ebury.yar\r\nLinux_Trojan_FinalDraft.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 6 of 
27\n\nLinux_Trojan_Gafgyt.yar\r\nLinux_Trojan_Ganiw.yar\r\nLinux_Trojan_Generic.yar\r\nLinux_Trojan_Getshell.yar\r\nLinux_Trojan_Godlua.yar\r\nLinux_Trojan_Godropper.yar\r\nLinux_Trojan_Gognt.yar\r\nLinux_Trojan_Hiddad.yar\r\nLinux_Trojan_Ipstorm.yar\r\nLinux_Trojan_Ircbot.yar\r\nLinux_Trojan_Iroffer.yar\r\nLinux_Trojan_Kaiji.yar\r\nLinux_Trojan_Kinsing.yar\r\nLinux_Trojan_Ladvix.yar\r\nLinux_Trojan_Lady.yar\r\nLinux_Trojan_Lala.yar\r\nLinux_Trojan_Malxmr.yar\r\nLinux_Trojan_Marut.yar\r\nLinux_Trojan_Masan.yar\r\nLinux_Trojan_Mech.yar\r\nLinux_Trojan_Mechbot.yar\r\nLinux_Trojan_Melofee.yar\r\nLinux_Trojan_Merlin.yar\r\nLinux_Trojan_Metasploit.yar\r\nLinux_Trojan_Meterpreter.yar\r\nLinux_Trojan_Mettle.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 7 of 27\n\nLinux_Trojan_Mirai.yar\r\nLinux_Trojan_Mobidash.yar\r\nLinux_Trojan_Mumblehard.yar\r\nLinux_Trojan_Ngioweb.yar\r\nLinux_Trojan_Nuker.yar\r\nLinux_Trojan_Orbit.yar\r\nLinux_Trojan_Patpooty.yar\r\nLinux_Trojan_Pnscan.yar\r\nLinux_Trojan_Pornoasset.yar\r\nLinux_Trojan_Psybnc.yar\r\nLinux_Trojan_Pumakit.yar\r\nLinux_Trojan_Rbot.yar\r\nLinux_Trojan_Rekoobe.yar\r\nLinux_Trojan_Roopre.yar\r\nLinux_Trojan_Rooter.yar\r\nLinux_Trojan_Rotajakiro.yar\r\nLinux_Trojan_Rozena.yar\r\nLinux_Trojan_Sambashell.yar\r\nLinux_Trojan_Sckit.yar\r\nLinux_Trojan_Sdbot.yar\r\nLinux_Trojan_Setag.yar\r\nLinux_Trojan_Sfloost.yar\r\nLinux_Trojan_Shark.yar\r\nLinux_Trojan_Shellbot.yar\r\nLinux_Trojan_Skidmap.yar\r\nLinux_Trojan_Snessik.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 8 of 
27\n\nLinux_Trojan_Snowlight.yar\r\nLinux_Trojan_Springtail.yar\r\nLinux_Trojan_Sqlexp.yar\r\nLinux_Trojan_Sshdkit.yar\r\nLinux_Trojan_Sshdoor.yar\r\nLinux_Trojan_Subsevux.yar\r\nLinux_Trojan_Swrort.yar\r\nLinux_Trojan_Sysrv.yar\r\nLinux_Trojan_Truncpx.yar\r\nLinux_Trojan_Tsunami.yar\r\nLinux_Trojan_Winnti.yar\r\nLinux_Trojan_XZBackdoor.yar\r\nLinux_Trojan_Xhide.yar\r\nLinux_Trojan_Xorddos.yar\r\nLinux_Trojan_Xpmmap.yar\r\nLinux_Trojan_Zerobot.yar\r\nLinux_Trojan_Zpevdo.yar\r\nLinux_Virus_Gmon.yar\r\nLinux_Virus_Rst.yar\r\nLinux_Virus_Staffcounter.yar\r\nLinux_Virus_Thebe.yar\r\nLinux_Webshell_Generic.yar\r\nLinux_Worm_Generic.yar\r\nMacOS_Backdoor_Applejeus.yar\r\nMacOS_Backdoor_Fakeflashlxk.yar\r\nMacOS_Backdoor_Kagent.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 9 of 27\n\nMacOS_Backdoor_Keyboardrecord.yar\r\nMacOS_Backdoor_Useragent.yar\r\nMacOS_Creddump_KeychainAccess.yar\r\nMacOS_Cryptominer_Generic.yar\r\nMacOS_Cryptominer_Xmrig.yar\r\nMacOS_Exploit_Log4j.yar\r\nMacOS_Hacktool_Bifrost.yar\r\nMacOS_Hacktool_Swiftbelt.yar\r\nMacOS_Infostealer_MdQueryPassw.yar\r\nMacOS_Infostealer_MdQuerySecret.yar\r\nMacOS_Infostealer_MdQueryTCC.yar\r\nMacOS_Infostealer_MdQueryToken.yar\r\nMacOS_Trojan_Adload.yar\r\nMacOS_Trojan_Amcleaner.yar\r\nMacOS_Trojan_Aobokeylogger.yar\r\nMacOS_Trojan_Bundlore.yar\r\nMacOS_Trojan_Eggshell.yar\r\nMacOS_Trojan_Electrorat.yar\r\nMacOS_Trojan_Fplayer.yar\r\nMacOS_Trojan_Generic.yar\r\nMacOS_Trojan_Genieo.yar\r\nMacOS_Trojan_Getshell.yar\r\nMacOS_Trojan_HLoader.yar\r\nMacOS_Trojan_KandyKorn.yar\r\nMacOS_Trojan_Metasploit.yar\r\nMacOS_Trojan_RustBucket.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 10 of 
27\n\nMacOS_Trojan_SugarLoader.yar\r\nMacOS_Trojan_Thiefquest.yar\r\nMacOS_Virus_Maxofferdeal.yar\r\nMacOS_Virus_Pirrit.yar\r\nMacOS_Virus_Vsearch.yar\r\nMacos_Hacktool_JokerSpy.yar\r\nMacos_Infostealer_EncodedOsascript.yar\r\nMacos_Infostealer_Wallets.yar\r\nMulti_AttackSimulation_Blindspot.yar\r\nMulti_Cryptominer_Xmrig.yar\r\nMulti_EICAR.yar\r\nMulti_Generic_Threat.yar\r\nMulti_Hacktool_Gsocket.yar\r\nMulti_Hacktool_Nps.yar\r\nMulti_Hacktool_Rakshasa.yar\r\nMulti_Hacktool_Stowaway.yar\r\nMulti_Hacktool_SuperShell.yar\r\nMulti_Ransomware_Akira.yar\r\nMulti_Ransomware_BlackCat.yar\r\nMulti_Ransomware_Luna.yar\r\nMulti_Ransomware_RansomHub.yar\r\nMulti_Trojan_Coreimpact.yar\r\nMulti_Trojan_EmpirGo.yar\r\nMulti_Trojan_FinalDraft.yar\r\nMulti_Trojan_Goffloader.yar\r\nMulti_Trojan_Gosar.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 11 of 27\n\nMulti_Trojan_Merlin.yar\r\nMulti_Trojan_Mythic.yar\r\nMulti_Trojan_Sliver.yar\r\nMulti_Trojan_SparkRat.yar\r\nWindows_AttackSimulation_Hovercraft.yar\r\nWindows_Backdoor_DragonCastling.yar\r\nWindows_Backdoor_Goldbackdoor.yar\r\nWindows_Backdoor_TeamViewer.yar\r\nWindows_Clickfraud_LuckySlots.yar\r\nWindows_Cryptominer_Generic.yar\r\nWindows_Exploit_CVE_2022_38028.yar\r\nWindows_Exploit_Dcom.yar\r\nWindows_Exploit_Eternalblue.yar\r\nWindows_Exploit_FakePipe.yar\r\nWindows_Exploit_Generic.yar\r\nWindows_Exploit_IoRing.yar\r\nWindows_Exploit_Log4j.yar\r\nWindows_Exploit_Perfusion.yar\r\nWindows_Exploit_RpcJunction.yar\r\nWindows_Generic_MalCert.yar\r\nWindows_Generic_Threat.yar\r\nWindows_Hacktool_AskCreds.yar\r\nWindows_Hacktool_BlackBone.yar\r\nWindows_Hacktool_COFFLoader.yar\r\nWindows_Hacktool_Capcom.yar\r\nWindows_Hacktool_Certify.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 12 of 
27\n\nWindows_Hacktool_CheatEngine.yar\r\nWindows_Hacktool_ChromeKatz.yar\r\nWindows_Hacktool_ClrOxide.yar\r\nWindows_Hacktool_CpuLocker.yar\r\nWindows_Hacktool_DarkLoadLibrary.yar\r\nWindows_Hacktool_Dcsyncer.yar\r\nWindows_Hacktool_DinvokeRust.yar\r\nWindows_Hacktool_EDRWFP.yar\r\nWindows_Hacktool_EDRrecon.yar\r\nWindows_Hacktool_ExecuteAssembly.yar\r\nWindows_Hacktool_Gmer.yar\r\nWindows_Hacktool_GodPotato.yar\r\nWindows_Hacktool_Iox.yar\r\nWindows_Hacktool_LeiGod.yar\r\nWindows_Hacktool_Mimikatz.yar\r\nWindows_Hacktool_NetFilter.yar\r\nWindows_Hacktool_Nimhawk.yar\r\nWindows_Hacktool_Phant0m.yar\r\nWindows_Hacktool_PhysMem.yar\r\nWindows_Hacktool_ProcessHacker.yar\r\nWindows_Hacktool_RingQ.yar\r\nWindows_Hacktool_Rubeus.yar\r\nWindows_Hacktool_SafetyKatz.yar\r\nWindows_Hacktool_Seatbelt.yar\r\nWindows_Hacktool_SharPersist.yar\r\nWindows_Hacktool_SharpAppLocker.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 13 of 27\n\nWindows_Hacktool_SharpChromium.yar\r\nWindows_Hacktool_SharpDump.yar\r\nWindows_Hacktool_SharpGPOAbuse.yar\r\nWindows_Hacktool_SharpHound.yar\r\nWindows_Hacktool_SharpLAPS.yar\r\nWindows_Hacktool_SharpMove.yar\r\nWindows_Hacktool_SharpRDP.yar\r\nWindows_Hacktool_SharpSCCM.yar\r\nWindows_Hacktool_SharpShares.yar\r\nWindows_Hacktool_SharpStay.yar\r\nWindows_Hacktool_SharpUp.yar\r\nWindows_Hacktool_SharpView.yar\r\nWindows_Hacktool_SharpWMI.yar\r\nWindows_Hacktool_SleepObfLoader.yar\r\nWindows_Hacktool_WinPEAS_ng.yar\r\nWindows_Infostealer_EddieStealer.yar\r\nWindows_Infostealer_Generic.yar\r\nWindows_Infostealer_NovaBlight.yar\r\nWindows_Infostealer_PhemedroneStealer.yar\r\nWindows_Infostealer_Strela.yar\r\nWindows_PUP_Generic.yar\r\nWindows_PUP_MediaArena.yar\r\nWindows_PUP_Veriato.yar\r\nWindows_Packer_ScrubCrypt.yar\r\nWindows_Ransomware_Agenda.yar\r\nWindows_Ransomware_Akira.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar
\r\nPage 14 of 27\n\nWindows_Ransomware_Avoslocker.yar\r\nWindows_Ransomware_Azov.yar\r\nWindows_Ransomware_Bitpaymer.yar\r\nWindows_Ransomware_BlackBasta.yar\r\nWindows_Ransomware_BlackHunt.yar\r\nWindows_Ransomware_Blackmatter.yar\r\nWindows_Ransomware_Cicada3301.yar\r\nWindows_Ransomware_Clop.yar\r\nWindows_Ransomware_Conti.yar\r\nWindows_Ransomware_Crytox.yar\r\nWindows_Ransomware_Cuba.yar\r\nWindows_Ransomware_Darkside.yar\r\nWindows_Ransomware_Dharma.yar\r\nWindows_Ransomware_Doppelpaymer.yar\r\nWindows_Ransomware_DragonForce.yar\r\nWindows_Ransomware_Egregor.yar\r\nWindows_Ransomware_GandCrab.yar\r\nWindows_Ransomware_Generic.yar\r\nWindows_Ransomware_Grief.yar\r\nWindows_Ransomware_Haron.yar\r\nWindows_Ransomware_Hellokitty.yar\r\nWindows_Ransomware_Helloxd.yar\r\nWindows_Ransomware_Hive.yar\r\nWindows_Ransomware_Lockbit.yar\r\nWindows_Ransomware_Lockfile.yar\r\nWindows_Ransomware_Magniber.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 15 of 
27\n\nWindows_Ransomware_Makop.yar\r\nWindows_Ransomware_Maui.yar\r\nWindows_Ransomware_Maze.yar\r\nWindows_Ransomware_Medusa.yar\r\nWindows_Ransomware_Mespinoza.yar\r\nWindows_Ransomware_Mountlocker.yar\r\nWindows_Ransomware_Nightsky.yar\r\nWindows_Ransomware_Pandora.yar\r\nWindows_Ransomware_Phobos.yar\r\nWindows_Ransomware_Ragnarok.yar\r\nWindows_Ransomware_Ransomexx.yar\r\nWindows_Ransomware_Rook.yar\r\nWindows_Ransomware_Royal.yar\r\nWindows_Ransomware_Ryuk.yar\r\nWindows_Ransomware_Snake.yar\r\nWindows_Ransomware_Sodinokibi.yar\r\nWindows_Ransomware_Stop.yar\r\nWindows_Ransomware_Thanos.yar\r\nWindows_Ransomware_Vgod.yar\r\nWindows_Ransomware_Vhd.yar\r\nWindows_Ransomware_WannaCry.yar\r\nWindows_Ransomware_WhisperGate.yar\r\nWindows_RemoteAdmin_UltraVNC.yar\r\nWindows_Rootkit_AbyssWorker.yar\r\nWindows_Rootkit_R77.yar\r\nWindows_Shellcode_Generic.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 16 of 27\n\nWindows_Shellcode_Rdi.yar\r\nWindows_Trojan_A310logger.yar\r\nWindows_Trojan_ACRStealer.yar\r\nWindows_Trojan_Adaptix.yar\r\nWindows_Trojan_Afdk.yar\r\nWindows_Trojan_AgentTesla.yar\r\nWindows_Trojan_Amadey.yar\r\nWindows_Trojan_Arechclient2.yar\r\nWindows_Trojan_ArkeiStealer.yar\r\nWindows_Trojan_Asyncrat.yar\r\nWindows_Trojan_AveMaria.yar\r\nWindows_Trojan_Azorult.yar\r\nWindows_Trojan_BITSloth.yar\r\nWindows_Trojan_Babble.yar\r\nWindows_Trojan_Babylonrat.yar\r\nWindows_Trojan_Backoff.yar\r\nWindows_Trojan_BadIIS.yar\r\nWindows_Trojan_Bandook.yar\r\nWindows_Trojan_Bazar.yar\r\nWindows_Trojan_Beam.yar\r\nWindows_Trojan_Behinder.yar\r\nWindows_Trojan_Bitrat.yar\r\nWindows_Trojan_BlackShades.yar\r\nWindows_Trojan_Blackwood.yar\r\nWindows_Trojan_Blister.yar\r\nWindows_Trojan_BloodAlchemy.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 17 of 
27\n\nWindows_Trojan_BruteRatel.yar\r\nWindows_Trojan_Buerloader.yar\r\nWindows_Trojan_Bughatch.yar\r\nWindows_Trojan_Bumblebee.yar\r\nWindows_Trojan_CaesarKbd.yar\r\nWindows_Trojan_Carberp.yar\r\nWindows_Trojan_CastleLoader.yar\r\nWindows_Trojan_Clipbanker.yar\r\nWindows_Trojan_CobaltStrike.yar\r\nWindows_Trojan_Cryptbot.yar\r\nWindows_Trojan_CyberGate.yar\r\nWindows_Trojan_DBatLoader.yar\r\nWindows_Trojan_DCRat.yar\r\nWindows_Trojan_DTrack.yar\r\nWindows_Trojan_Danabot.yar\r\nWindows_Trojan_Dante.yar\r\nWindows_Trojan_DarkCloud.yar\r\nWindows_Trojan_DarkGate.yar\r\nWindows_Trojan_DarkVNC.yar\r\nWindows_Trojan_Darkcomet.yar\r\nWindows_Trojan_DeerStealer.yar\r\nWindows_Trojan_Deimos.yar\r\nWindows_Trojan_DiamondFox.yar\r\nWindows_Trojan_Diceloader.yar\r\nWindows_Trojan_DodgeBox.yar\r\nWindows_Trojan_Donutloader.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 18 of 27\n\nWindows_Trojan_DoorMe.yar\r\nWindows_Trojan_DoubleBack.yar\r\nWindows_Trojan_DoubleLoader.yar\r\nWindows_Trojan_DownTown.yar\r\nWindows_Trojan_DragonBreath.yar\r\nWindows_Trojan_DreamJob.yar\r\nWindows_Trojan_Dridex.yar\r\nWindows_Trojan_DustyWarehouse.yar\r\nWindows_Trojan_EagerBee.yar\r\nWindows_Trojan_Emotet.yar\r\nWindows_Trojan_Fabookie.yar\r\nWindows_Trojan_FalseFont.yar\r\nWindows_Trojan_Farfli.yar\r\nWindows_Trojan_Fickerstealer.yar\r\nWindows_Trojan_FinalDraft.yar\r\nWindows_Trojan_FlawedGrace.yar\r\nWindows_Trojan_Formbook.yar\r\nWindows_Trojan_Garble.yar\r\nWindows_Trojan_Generic.yar\r\nWindows_Trojan_Gh0st.yar\r\nWindows_Trojan_GhostEngine.yar\r\nWindows_Trojan_GhostPulse.yar\r\nWindows_Trojan_Glupteba.yar\r\nWindows_Trojan_Gozi.yar\r\nWindows_Trojan_Grandoreiro.yar\r\nWindows_Trojan_GuidLoader.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 19 of 
27\n\nWindows_Trojan_Guloader.yar\r\nWindows_Trojan_Hancitor.yar\r\nWindows_Trojan_Havoc.yar\r\nWindows_Trojan_Hawkeye.yar\r\nWindows_Trojan_HazelCobra.yar\r\nWindows_Trojan_HiddenCli.yar\r\nWindows_Trojan_HiddenDriver.yar\r\nWindows_Trojan_HijackLoader.yar\r\nWindows_Trojan_HotPage.yar\r\nWindows_Trojan_IcedID.yar\r\nWindows_Trojan_JesterStealer.yar\r\nWindows_Trojan_Jupyter.yar\r\nWindows_Trojan_KoiLoader.yar\r\nWindows_Trojan_Kronos.yar\r\nWindows_Trojan_Latrodectus.yar\r\nWindows_Trojan_LegionLoader.yar\r\nWindows_Trojan_Limerat.yar\r\nWindows_Trojan_Lobshot.yar\r\nWindows_Trojan_Lokibot.yar\r\nWindows_Trojan_Lumma.yar\r\nWindows_Trojan_Lurker.yar\r\nWindows_Trojan_M0yv.yar\r\nWindows_Trojan_MagicRat.yar\r\nWindows_Trojan_MassLogger.yar\r\nWindows_Trojan_Mata.yar\r\nWindows_Trojan_Matanbuchus.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 20 of 27\n\nWindows_Trojan_Merlin.yar\r\nWindows_Trojan_MetaStealer.yar\r\nWindows_Trojan_Metasploit.yar\r\nWindows_Trojan_MicroBackdoor.yar\r\nWindows_Trojan_MimicRat.yar\r\nWindows_Trojan_ModPipe.yar\r\nWindows_Trojan_MonsterV2.yar\r\nWindows_Trojan_MyloBot.yar\r\nWindows_Trojan_NanoRemote.yar\r\nWindows_Trojan_Nanocore.yar\r\nWindows_Trojan_NapListener.yar\r\nWindows_Trojan_Netwire.yar\r\nWindows_Trojan_Nighthawk.yar\r\nWindows_Trojan_NightshadeC2.yar\r\nWindows_Trojan_Nimplant.yar\r\nWindows_Trojan_Njrat.yar\r\nWindows_Trojan_NukeSped.yar\r\nWindows_Trojan_Octopus.yar\r\nWindows_Trojan_OnlyLogger.yar\r\nWindows_Trojan_OskiStealer.yar\r\nWindows_Trojan_Oyster.yar\r\nWindows_Trojan_P8Loader.yar\r\nWindows_Trojan_Pandastealer.yar\r\nWindows_Trojan_Parallax.yar\r\nWindows_Trojan_PathLoader.yar\r\nWindows_Trojan_Phoreal.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 21 of 
27\n\nWindows_Trojan_PikaBot.yar\r\nWindows_Trojan_Pingpull.yar\r\nWindows_Trojan_PipeDance.yar\r\nWindows_Trojan_PizzaPotion.yar\r\nWindows_Trojan_PlugX.yar\r\nWindows_Trojan_Pony.yar\r\nWindows_Trojan_PoshC2.yar\r\nWindows_Trojan_PowerSeal.yar\r\nWindows_Trojan_PrivateLoader.yar\r\nWindows_Trojan_ProtectS.yar\r\nWindows_Trojan_Qbot.yar\r\nWindows_Trojan_Quasarrat.yar\r\nWindows_Trojan_Raccoon.yar\r\nWindows_Trojan_RaspberryRobin.yar\r\nWindows_Trojan_RedLineStealer.yar\r\nWindows_Trojan_Remcos.yar\r\nWindows_Trojan_Revcoderat.yar\r\nWindows_Trojan_Revengerat.yar\r\nWindows_Trojan_Rhadamanthys.yar\r\nWindows_Trojan_RoningLoader.yar\r\nWindows_Trojan_RudeBird.yar\r\nWindows_Trojan_STRRAT.yar\r\nWindows_Trojan_SVCReady.yar\r\nWindows_Trojan_SadBridge.yar\r\nWindows_Trojan_SalatStealer.yar\r\nWindows_Trojan_ServHelper.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 22 of 27\n\nWindows_Trojan_ShadowPad.yar\r\nWindows_Trojan_ShelbyC2.yar\r\nWindows_Trojan_ShelbyLoader.yar\r\nWindows_Trojan_Shellter.yar\r\nWindows_Trojan_SiestaGraph.yar\r\nWindows_Trojan_SilentConnect.yar\r\nWindows_Trojan_Sliver.yar\r\nWindows_Trojan_Smokeloader.yar\r\nWindows_Trojan_SnakeKeylogger.yar\r\nWindows_Trojan_SolarMarker.yar\r\nWindows_Trojan_SomniRecord.yar\r\nWindows_Trojan_SourShark.yar\r\nWindows_Trojan_SpectralViper.yar\r\nWindows_Trojan_Squirrelwaffle.yar\r\nWindows_Trojan_Stealc.yar\r\nWindows_Trojan_StormKitty.yar\r\nWindows_Trojan_StumpZarus.yar\r\nWindows_Trojan_SuddenIcon.yar\r\nWindows_Trojan_Supper.yar\r\nWindows_Trojan_SysJoker.yar\r\nWindows_Trojan_SystemBC.yar\r\nWindows_Trojan_Sythe.yar\r\nWindows_Trojan_Tofsee.yar\r\nWindows_Trojan_Tollbooth.yar\r\nWindows_Trojan_Trickbot.yar\r\nWindows_Trojan_Tuoni.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 23 of 
27\n\nWindows_Trojan_TwistedTinsel.yar\r\nWindows_Trojan_Vidar.yar\r\nWindows_Trojan_WMLoader.yar\r\nWindows_Trojan_WarmCookie.yar\r\nWindows_Trojan_WhisperGate.yar\r\nWindows_Trojan_WikiLoader.yar\r\nWindows_Trojan_WineLoader.yar\r\nWindows_Trojan_Winos.yar\r\nWindows_Trojan_XWorm.yar\r\nWindows_Trojan_Xeno.yar\r\nWindows_Trojan_Xpertrat.yar\r\nWindows_Trojan_XtremeRAT.yar\r\nWindows_Trojan_Zeus.yar\r\nWindows_Trojan_Zloader.yar\r\nWindows_Virus_Expiro.yar\r\nWindows_Virus_Floxif.yar\r\nWindows_Virus_Neshta.yar\r\nWindows_VulnDriver_ATSZIO.yar\r\nWindows_VulnDriver_Agent64.yar\r\nWindows_VulnDriver_Amifldrv.yar\r\nWindows_VulnDriver_ArPot.yar\r\nWindows_VulnDriver_AsIo.yar\r\nWindows_VulnDriver_Asrock.yar\r\nWindows_VulnDriver_Atillk.yar\r\nWindows_VulnDriver_BSMI.yar\r\nWindows_VulnDriver_Biostar.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 24 of 27\n\nWindows_VulnDriver_CCProtect.yar\r\nWindows_VulnDriver_Cpuz.yar\r\nWindows_VulnDriver_DBUtil.yar\r\nWindows_VulnDriver_DirectIo.yar\r\nWindows_VulnDriver_EchoDrv.yar\r\nWindows_VulnDriver_ElRawDisk.yar\r\nWindows_VulnDriver_Elby.yar\r\nWindows_VulnDriver_EneIo.yar\r\nWindows_VulnDriver_FidDrv.yar\r\nWindows_VulnDriver_Fidpci.yar\r\nWindows_VulnDriver_Fileseclab.yar\r\nWindows_VulnDriver_GDrv.yar\r\nWindows_VulnDriver_GlckIo.yar\r\nWindows_VulnDriver_Gvci.yar\r\nWindows_VulnDriver_HpPortIo.yar\r\nWindows_VulnDriver_HrSword.yar\r\nWindows_VulnDriver_IoBitUnlocker.yar\r\nWindows_VulnDriver_Iqvw.yar\r\nWindows_VulnDriver_LLAccess.yar\r\nWindows_VulnDriver_Lha.yar\r\nWindows_VulnDriver_MarvinHW.yar\r\nWindows_VulnDriver_Mhyprot.yar\r\nWindows_VulnDriver_MicroStar.yar\r\nWindows_VulnDriver_MsIo.yar\r\nWindows_VulnDriver_MtcBsv.yar\r\nWindows_VulnDriver_PowerProfiler.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 25 of 
27\n\nWindows_VulnDriver_PowerTool.yar\r\nWindows_VulnDriver_ProcExp.yar\r\nWindows_VulnDriver_ProcId.yar\r\nWindows_VulnDriver_RWEverything.yar\r\nWindows_VulnDriver_RentDrv.yar\r\nWindows_VulnDriver_RtCore.yar\r\nWindows_VulnDriver_Rtkio.yar\r\nWindows_VulnDriver_Ryzen.yar\r\nWindows_VulnDriver_Sandra.yar\r\nWindows_VulnDriver_Segwin.yar\r\nWindows_VulnDriver_Speedfan.yar\r\nWindows_VulnDriver_ThreatFire.yar\r\nWindows_VulnDriver_ThrottleStop.yar\r\nWindows_VulnDriver_TmComm.yar\r\nWindows_VulnDriver_TopazOFD.yar\r\nWindows_VulnDriver_ToshibaBios.yar\r\nWindows_VulnDriver_TrueSight.yar\r\nWindows_VulnDriver_VBox.yar\r\nWindows_VulnDriver_Viragt.yar\r\nWindows_VulnDriver_Vmdrv.yar\r\nWindows_VulnDriver_WinDivert.yar\r\nWindows_VulnDriver_WinFlash.yar\r\nWindows_VulnDriver_WinIo.yar\r\nWindows_VulnDriver_XTier.yar\r\nWindows_VulnDriver_Zam.yar\r\nWindows_Wiper_CaddyWiper.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 26 of 27\n\nWindows_Wiper_DoubleZero.yar\r\nWindows_Wiper_HermeticWiper.yar\r\nWindows_Wiper_IsaacWiper.yar\r\nSource: https://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nhttps://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar\r\nPage 27 of 27",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_WarmCookie.yar"
	],
	"report_names": [
		"Windows_Trojan_WarmCookie.yar"
	],
	"threat_actors": [
		{
			"id": "1b1271d2-e9a2-4fc5-820b-69c9e4cfb312",
			"created_at": "2024-06-07T02:00:03.998431Z",
			"updated_at": "2026-04-10T02:00:03.64336Z",
			"deleted_at": null,
			"main_name": "RansomHub",
			"aliases": [],
			"source_name": "MISPGALAXY:RansomHub",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6608b798-f92b-42af-a93f-d72800eeb3a3",
			"created_at": "2023-11-30T02:00:07.292Z",
			"updated_at": "2026-04-10T02:00:03.482199Z",
			"deleted_at": null,
			"main_name": "DragonForce",
			"aliases": [],
			"source_name": "MISPGALAXY:DragonForce",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "c13153a4-8dda-4cc5-ac31-c9ca25f3563c",
			"created_at": "2024-02-01T02:00:04.227755Z",
			"updated_at": "2026-04-10T02:00:03.522787Z",
			"deleted_at": null,
			"main_name": "Blackwood",
			"aliases": [],
			"source_name": "MISPGALAXY:Blackwood",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "8c8fea8c-c957-4618-99ee-1e188f073a0e",
			"created_at": "2024-02-02T02:00:04.086766Z",
			"updated_at": "2026-04-10T02:00:03.563647Z",
			"deleted_at": null,
			"main_name": "Storm-1567",
			"aliases": [
				"Akira",
				"PUNK SPIDER",
				"GOLD SAHARA"
			],
			"source_name": "MISPGALAXY:Storm-1567",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "0770ba43-efad-4f73-a5e4-21621a5ac86e",
			"created_at": "2024-03-08T02:02:14.61239Z",
			"updated_at": "2026-04-10T02:00:04.585473Z",
			"deleted_at": null,
			"main_name": "Blackwood",
			"aliases": [],
			"source_name": "ETDA:Blackwood",
			"tools": [
				"NSPX30"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "843f4240-33a7-4de4-8dcf-4ff9f9a8c758",
			"created_at": "2025-07-24T02:05:00.538379Z",
			"updated_at": "2026-04-10T02:00:03.657424Z",
			"deleted_at": null,
			"main_name": "GOLD FLAME",
			"aliases": [
				"DragonForce"
			],
			"source_name": "Secureworks:GOLD FLAME",
			"tools": [
				"ADFind",
				"AnyDesk",
				"Cobalt Strike",
				"FileSeek",
				"Mimikatz",
				"SoftPerfect Network Scanner",
				"SystemBC",
				"socks.exe"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "191d7f9a-8c3c-442a-9f13-debe259d4cc2",
			"created_at": "2022-10-25T15:50:23.280374Z",
			"updated_at": "2026-04-10T02:00:05.305572Z",
			"deleted_at": null,
			"main_name": "Kimsuky",
			"aliases": [
				"Kimsuky",
				"Black Banshee",
				"Velvet Chollima",
				"Emerald Sleet",
				"THALLIUM",
				"APT43",
				"TA427",
				"Springtail"
			],
			"source_name": "MITRE:Kimsuky",
			"tools": [
				"Troll Stealer",
				"schtasks",
				"Amadey",
				"GoBear",
				"Brave Prince",
				"CSPY Downloader",
				"gh0st RAT",
				"AppleSeed",
				"Gomir",
				"NOKKI",
				"QuasarRAT",
				"Gold Dragon",
				"PsExec",
				"KGH_SPY",
				"Mimikatz",
				"BabyShark",
				"TRANSLATEXT"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "910b38e9-07fe-4b47-9cf4-e190a07b1b84",
			"created_at": "2024-04-24T02:00:49.516358Z",
			"updated_at": "2026-04-10T02:00:05.309426Z",
			"deleted_at": null,
			"main_name": "Akira",
			"aliases": [
				"Akira",
				"GOLD SAHARA",
				"PUNK SPIDER",
				"Howling Scorpius"
			],
			"source_name": "MITRE:Akira",
			"tools": [
				"Mimikatz",
				"PsExec",
				"AdFind",
				"Akira _v2",
				"Akira",
				"Megazord",
				"LaZagne",
				"Rclone"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "544ecd2c-82c9-417c-9d98-d1ae395df964",
			"created_at": "2025-10-29T02:00:52.035025Z",
			"updated_at": "2026-04-10T02:00:05.408558Z",
			"deleted_at": null,
			"main_name": "AppleJeus",
			"aliases": [
				"AppleJeus",
				"Gleaming Pisces",
				"Citrine Sleet",
				"UNC1720",
				"UNC4736"
			],
			"source_name": "MITRE:AppleJeus",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "760f2827-1718-4eed-8234-4027c1346145",
			"created_at": "2023-01-06T13:46:38.670947Z",
			"updated_at": "2026-04-10T02:00:03.062424Z",
			"deleted_at": null,
			"main_name": "Kimsuky",
			"aliases": [
				"G0086",
				"Emerald Sleet",
				"THALLIUM",
				"Springtail",
				"Sparkling Pisces",
				"Thallium",
				"Operation Stolen Pencil",
				"APT43",
				"Velvet Chollima",
				"Black Banshee"
			],
			"source_name": "MISPGALAXY:Kimsuky",
			"tools": [
				"xrat",
				"QUASARRAT",
				"RDP Wrapper",
				"TightVNC",
				"BabyShark",
				"RevClient"
			],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "4d5f939b-aea9-4a0e-8bff-003079a261ea",
			"created_at": "2023-01-06T13:46:39.04841Z",
			"updated_at": "2026-04-10T02:00:03.196806Z",
			"deleted_at": null,
			"main_name": "APT41",
			"aliases": [
				"WICKED PANDA",
				"BRONZE EXPORT",
				"Brass Typhoon",
				"TG-2633",
				"Leopard Typhoon",
				"G0096",
				"Grayfly",
				"BARIUM",
				"BRONZE ATLAS",
				"Red Kelpie",
				"G0044",
				"Earth Baku",
				"TA415",
				"WICKED SPIDER",
				"HOODOO",
				"Winnti",
				"Double Dragon"
			],
			"source_name": "MISPGALAXY:APT41",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "d9b39228-0d9d-4c1e-8e39-2de986120060",
			"created_at": "2023-01-06T13:46:39.293127Z",
			"updated_at": "2026-04-10T02:00:03.277123Z",
			"deleted_at": null,
			"main_name": "BelialDemon",
			"aliases": [
				"Matanbuchus"
			],
			"source_name": "MISPGALAXY:BelialDemon",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "c8bf82a7-6887-4d46-ad70-4498b67d4c1d",
			"created_at": "2025-08-07T02:03:25.101147Z",
			"updated_at": "2026-04-10T02:00:03.846812Z",
			"deleted_at": null,
			"main_name": "NICKEL KIMBALL",
			"aliases": [
				"APT43",
				"ARCHIPELAGO",
				"Black Banshee",
				"Crooked Pisces",
				"Emerald Sleet",
				"ITG16",
				"Kimsuky",
				"Larva-24005",
				"Opal Sleet",
				"Ruby Sleet",
				"SharpTongue",
				"Sparking Pisces",
				"Springtail",
				"TA406",
				"TA427",
				"THALLIUM",
				"UAT-5394",
				"Velvet Chollima"
			],
			"source_name": "Secureworks:NICKEL KIMBALL",
			"tools": [
				"BabyShark",
				"FastFire",
				"FastSpy",
				"FireViewer",
				"Konni"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "2a24d664-6a72-4b4c-9f54-1553b64c453c",
			"created_at": "2025-08-07T02:03:24.553048Z",
			"updated_at": "2026-04-10T02:00:03.787296Z",
			"deleted_at": null,
			"main_name": "BRONZE ATLAS",
			"aliases": [
				"APT41",
				"BARIUM",
				"Blackfly",
				"Brass Typhoon",
				"CTG-2633",
				"Earth Baku",
				"GREF",
				"Group 72",
				"Red Kelpie",
				"TA415",
				"TG-2633",
				"Wicked Panda",
				"Winnti"
			],
			"source_name": "Secureworks:BRONZE ATLAS",
			"tools": [
				"Acehash",
				"CCleaner v5.33 backdoor",
				"ChinaChopper",
				"Cobalt Strike",
				"DUSTPAN",
				"Dicey MSDN",
				"Dodgebox",
				"ForkPlayground",
				"HUC Proxy Malware (Htran)"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "a6c351ea-01f1-4c9b-af75-cfbb3b269ed3",
			"created_at": "2023-01-06T13:46:39.390649Z",
			"updated_at": "2026-04-10T02:00:03.311299Z",
			"deleted_at": null,
			"main_name": "Kinsing",
			"aliases": [
				"Money Libra"
			],
			"source_name": "MISPGALAXY:Kinsing",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "dcbff54d-13ec-40b5-b3b9-b74a315669e1",
			"created_at": "2026-02-03T02:00:03.428641Z",
			"updated_at": "2026-04-10T02:00:03.937539Z",
			"deleted_at": null,
			"main_name": "UNC1069",
			"aliases": [
				"MASAN",
				"CryptoCore"
			],
			"source_name": "MISPGALAXY:UNC1069",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "5abbd961-c51b-45e2-9632-e94e48a051b0",
			"created_at": "2026-01-22T02:00:03.673383Z",
			"updated_at": "2026-04-10T02:00:03.924422Z",
			"deleted_at": null,
			"main_name": "DragonBreath",
			"aliases": [
				"Golden Eye Dog",
				"APT-Q-27"
			],
			"source_name": "MISPGALAXY:DragonBreath",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "71a1e16c-3ba6-4193-be62-be53527817bc",
			"created_at": "2022-10-25T16:07:23.753455Z",
			"updated_at": "2026-04-10T02:00:04.73769Z",
			"deleted_at": null,
			"main_name": "Kimsuky",
			"aliases": [
				"APT 43",
				"Black Banshee",
				"Emerald Sleet",
				"G0086",
				"G0094",
				"ITG16",
				"KTA082",
				"Kimsuky",
				"Larva-24005",
				"Larva-25004",
				"Operation Baby Coin",
				"Operation Covert Stalker",
				"Operation DEEP#DRIVE",
				"Operation DEEP#GOSU",
				"Operation Kabar Cobra",
				"Operation Mystery Baby",
				"Operation Red Salt",
				"Operation Smoke Screen",
				"Operation Stealth Power",
				"Operation Stolen Pencil",
				"SharpTongue",
				"Sparkling Pisces",
				"Springtail",
				"TA406",
				"TA427",
				"Thallium",
				"UAT-5394",
				"Velvet Chollima"
			],
			"source_name": "ETDA:Kimsuky",
			"tools": [
				"AngryRebel",
				"AppleSeed",
				"BITTERSWEET",
				"BabyShark",
				"BoBoStealer",
				"CSPY Downloader",
				"Farfli",
				"FlowerPower",
				"Gh0st RAT",
				"Ghost RAT",
				"Gold Dragon",
				"GoldDragon",
				"GoldStamp",
				"JamBog",
				"KGH Spyware Suite",
				"KGH_SPY",
				"KPortScan",
				"KimJongRAT",
				"Kimsuky",
				"LATEOP",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"Lovexxx",
				"MailPassView",
				"Mechanical",
				"Mimikatz",
				"MoonPeak",
				"Moudour",
				"MyDogs",
				"Mydoor",
				"Network Password Recovery",
				"PCRat",
				"ProcDump",
				"PsExec",
				"ReconShark",
				"Remote Desktop PassView",
				"SHARPEXT",
				"SWEETDROP",
				"SmallTiger",
				"SniffPass",
				"TODDLERSHARK",
				"TRANSLATEXT",
				"Troll Stealer",
				"TrollAgent",
				"VENOMBITE",
				"WebBrowserPassView",
				"xRAT"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439120,
	"ts_updated_at": 1775792260,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b4af2d450e96756d585f52feea7c93dcf168a8cf.pdf",
		"text": "https://archive.orkl.eu/b4af2d450e96756d585f52feea7c93dcf168a8cf.txt",
		"img": "https://archive.orkl.eu/b4af2d450e96756d585f52feea7c93dcf168a8cf.jpg"
	}
}