{
	"id": "2c2fa8ce-e333-45ab-a6a6-a8ac4ed409ef",
	"created_at": "2026-04-06T01:31:33.866219Z",
	"updated_at": "2026-04-10T13:12:28.57055Z",
	"deleted_at": null,
	"sha1_hash": "d5f4bae6883aadc5651ac9cef8995d58048327a2",
	"title": "Rustock samples and analysis links. Rustock.C, E, I, J and other variants",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 66957,
	"plain_text": "Rustock samples and analysis links. Rustock.C, E, I, J and other\r\nvariants\r\nArchived: 2026-04-06 00:37:04 UTC\r\nRustock samples and analysis links. Rustock.C, E, I, J and other variants\r\n I thought that Russian Matryoshka aka Rustock the Nested Doll would be a good subject after the previous post\r\nabout Trojan.Matryoshka (Taidoor) analyzed by Jared Myers from CyberESI. Russian rootkit Rustock is as\r\nnotorious as TDSS or Stuxnet and is very sophisticated. Many researchers made detailed analysis of Rustock and\r\nthis is why it is a great subject of study. The botnet is down but the malware is here for you to play and try to\r\nreverse on your own or following one of the analysis papers posted below.\r\n General File Information\r\nFile timedatestamp. (Thu Oct 01 10:15:30 2009)\r\nVT First seen: 2009-11-07 05:29:52\r\nSize: 269312\r\nMD5:  1A713083A0BC21BE19F1EC496DF4E651\r\nFile timedatestamp. (Mon Mar 02 12:18:02 2009)\r\n VT First seen: 2009-03-20 01:59:48\r\n Size: 98158\r\nMD5:  8E4994543ADBC2BA2103C6F801898356\r\nVT first seen 2008-08-22 05:08:39\r\nSize: 428168\r\nMD5:  76101675D9CF5BA5238CAE9D5FAC8881\r\nFile timedatestamp (Tue Sep 15 16:42:54 2009)\r\nVT First seen: 2009-10-07 18:04:12\r\nSize: 20480\r\nMD5:  4A5E58D6351C342F3EDC145F6F4EEAFE\r\ntimedatestamp. (Wed Sep 26 05:11:12 2007)\r\nhttp://contagiodump.blogspot.com/2011/10/rustock-samples-and-analysis-links.html\r\nPage 1 of 8\n\nSize: 158464\r\nMD5:  04BA40662923BE168CA4DC2DA924A0D0\r\nTimestamp: (Fri Jan 19 09:46:53 2007)\r\nVT First seen: 2007-01-22 08:52:17\r\nSize: 70570\r\nMD5:  FDAFB3A14338B2B612C4E5C4F94B3677\r\nMalware Analysis and Botnet research Links\r\nDownload\r\nAutomated Scans\r\nHere are current scans \r\nRustock 23\r\nmalware.exe\r\nSubmission date:2011-10-07 02:50:13 (UTC)\r\nResult:36/ 43 (83.7%)\r\nAhnLab-V3    2011.10.06.00    2011.10.06    Win-Trojan/Newrest.269312\r\nAntiVir    7.11.15.141    2011.10.06    TR/Dropper.Gen\r\nAvast    6.0.1289.0    2011.10.06    Win32:Neredr [Drp]\r\nAVG    10.0.0.1190    2011.10.06    BackDoor.Generic12.EG\r\nBitDefender    7.2    2011.10.07    Gen:Trojan.Heur.Rustock.1\r\nCAT-QuickHeal    11.00    2011.10.05    W32.Rustock.J\r\nClamAV    0.97.0.0    2011.10.07    Trojan.Rustock-23\r\nCommtouch    5.3.2.6    2011.10.07    W32/NewRest.A.gen!Eldorado\r\nComodo    10368    2011.10.07    TrojWare.Win32.TrojanDownloader.Boltolog.~JH3\r\nDrWeb    5.0.2.03300    2011.10.07    Trojan.Spambot.5077\r\nEmsisoft    5.1.0.11    2011.10.07    Backdoor.WinNT.Rustock!IK\r\neSafe    7.0.17.0    2011.10.06    Win32.Pandex\r\neTrust-Vet    36.1.8603    2011.10.06    -\r\nhttp://contagiodump.blogspot.com/2011/10/rustock-samples-and-analysis-links.html\r\nPage 2 of 8\n\nF-Prot    4.6.2.117    2011.10.06    W32/NewRest.A.gen!Eldorado\r\nF-Secure    9.0.16440.0    2011.10.07    Gen:Trojan.Heur.Rustock.1\r\nFortinet    4.3.370.0    2011.10.06    W32/NewRest.BC!tr.bdr\r\nGData    22    2011.10.07    Gen:Trojan.Heur.Rustock.1\r\nIkarus    T3.1.1.107.0    2011.10.07    Backdoor.WinNT.Rustock\r\nJiangmin    13.0.900    2011.10.06    Backdoor/NewRest.axy\r\nK7AntiVirus    9.115.5248    2011.10.06    Riskware\r\nKaspersky    9.0.0.837    2011.10.07    Backdoor.Win32.NewRest.bc\r\nMcAfee    5.400.0.1158    2011.10.07    Generic BackDoor!bfe\r\nMcAfee-GW-Edition    2010.1D    2011.10.07    Generic BackDoor!bfe\r\nMicrosoft    1.7702    2011.10.06    Backdoor:WinNT/Rustock.AN\r\nNOD32    6523    2011.10.07    a variant of Win32/Rustock.NKU\r\nNorman    6.07.11    2011.10.06    W32/Suspicious_Gen2.HITO\r\nnProtect    2011-10-06.01    2011.10.06    Backdoor/W32.NewRest.269312.D\r\nPanda    10.0.3.5    2011.10.06    Rootkit/Farfli.X\r\nPCTools    8.0.0.5    2011.10.07    Trojan.Pandex!rem\r\nSophos    4.70.0    2011.10.06    Mal/Generic-L\r\nSymantec    20111.2.0.82    2011.10.07    Trojan.Pandex\r\nTheHacker    6.7.0.1.318    2011.10.06    Backdoor/NewRest.bc\r\nTrendMicro    9.500.0.1008    2011.10.06    BKDR_RUSTOCK.SMA\r\nTrendMicro-HouseCall    9.500.0.1008    2011.10.07    BKDR_RUSTOCK.SMA\r\nVBA32    3.12.16.4    2011.10.06    Malware-Cryptor.General.3\r\nVIPRE    10685    2011.10.07    Trojan-Dropper.Win32.Rustock.j (v)\r\nVirusBuster    14.0.252.5    2011.10.06    Backdoor.NewRest!90rGdRrhb6c\r\nMD5   : 1a713083a0bc21be19f1ec496df4e651\r\nRustock.NFE\r\nFile name: malware.exe\r\n2011-10-07 02:54:50 (UTC)\r\nResult: 35/ 42 (83.3%)\r\nVirustotal\r\nAhnLab-V3    2011.10.06.00    2011.10.06    Win-Trojan/Rustock.98158\r\nAntiVir    7.11.15.141    2011.10.06    TR/Rootkit.Gen\r\nAntiy-AVL    2.0.3.7    2011.10.06    Backdoor/Win32.NewRest.gen\r\nAvast    6.0.1289.0    2011.10.06    Win32:RustNT [Rtk]\r\nAVG    10.0.0.1190    2011.10.06    BackDoor.Generic11.CDJ\r\nBitDefender    7.2    2011.10.07    Backdoor.Rustock.NFE\r\nCAT-QuickHeal    11.00    2011.10.05    Trojan.Agent.ATV\r\nCommtouch    5.3.2.6    2011.10.07    W32/SYStroj.S.gen!Eldorado\r\nComodo    10368    2011.10.07    Backdoor.Win32.NewRest.A\r\nDrWeb    5.0.2.03300    2011.10.07    Trojan.Spambot.8555\r\nEmsisoft    5.1.0.11    2011.10.07    Backdoor.Win32.NewRest!IK\r\nhttp://contagiodump.blogspot.com/2011/10/rustock-samples-and-analysis-links.html\r\nPage 3 of 8\n\nF-Prot    4.6.2.117    2011.10.06    W32/SYStroj.S.gen!Eldorado\r\nF-Secure    9.0.16440.0    2011.10.07    Backdoor.Rustock.NFE\r\nFortinet    4.3.370.0    2011.10.06    W32/Backdoor!tr\r\nGData    22    2011.10.07    Backdoor.Rustock.NFE\r\nIkarus    T3.1.1.107.0    2011.10.07    Backdoor.Win32.NewRest\r\nJiangmin    13.0.900    2011.10.06    Backdoor/NewRest.bhg\r\nK7AntiVirus    9.115.5248    2011.10.06    Riskware\r\nKaspersky    9.0.0.837    2011.10.07    Backdoor.Win32.NewRest.z\r\nMcAfee    5.400.0.1158    2011.10.07    W32/Rustock\r\nMcAfee-GW-Edition    2010.1D    2011.10.07    W32/Rustock\r\nMicrosoft    1.7702    2011.10.06    Backdoor:WinNT/Rustock.E\r\nNOD32    6523    2011.10.07    a variant of Win32/Rustock.NKU\r\nNorman    6.07.11    2011.10.06    W32/Rustock.ALF\r\nnProtect    2011-10-06.01    2011.10.06    Backdoor/W32.Rustock.98158\r\nPanda    10.0.3.5    2011.10.06    Generic Backdoor\r\nPCTools    8.0.0.5    2011.10.07    Backdoor.Rustock.C!rem\r\nSophos    4.70.0    2011.10.06    Mal/TDSSPack-G\r\nSymantec    20111.2.0.82    2011.10.07    Backdoor.Rustock.B\r\nTheHacker    6.7.0.1.318    2011.10.06    Backdoor/NewRest.z\r\nTrendMicro    9.500.0.1008    2011.10.06    BKDR_RUSTOCK.SMB\r\nTrendMicro-HouseCall    9.500.0.1008    2011.10.07    BKDR_RUSTOCK.SMB\r\nVBA32    3.12.16.4    2011.10.06    Malware-Cryptor.General.3\r\nVIPRE    10685    2011.10.07    Backdoor.Rustock\r\nVirusBuster    14.0.252.5    2011.10.06    Backdoor.NewRest!n6q3ymQd7tQ\r\nMD5   : 8e4994543adbc2ba2103c6f801898356\r\nRustock.J\r\nVirustotal\r\nc25a91a3c1301c877870d0a9c7287a3b19ed5802\r\nSubmission date:2011-07-02 03:20:19 (UTC)\r\nAhnLab-V3     2011.07.02.00     2011.07.01     Trojan/Win32.ADH\r\nAntiVir     7.11.10.197     2011.07.01     TR/Dropper.Gen\r\nAvast     4.8.1351.0     2011.07.01     Win32:Foxer\r\nAvast5     5.0.677.0     2011.07.01     Win32:Foxer\r\nAVG     10.0.0.1190     2011.07.01     Downloader.FraudLoad.AO\r\nBitDefender     7.2     2011.07.02     Trojan.Rootkit.Rustock.J\r\nComodo     9248     2011.07.02     TrojWare.Win32.Trojan.DNSChanger.VD0\r\neTrust-Vet     36.1.8421     2011.07.01     Win32/ASuspect.HDFDS\r\nF-Secure     9.0.16440.0     2011.07.02     Trojan-Dropper:W32/Agent.FDD\r\nGData     22     2011.07.02     Trojan.Rootkit.Rustock.J\r\nIkarus     T3.1.1.104.0     2011.07.01     Win32.SuspectCrc\r\nhttp://contagiodump.blogspot.com/2011/10/rustock-samples-and-analysis-links.html\r\nPage 4 of 8\n\nJiangmin     13.0.900     2011.07.01     TrojanDropper.Agent.qig\r\nK7AntiVirus     9.107.4863     2011.07.01     Trojan\r\nKaspersky     9.0.0.837     2011.07.02     -\r\nMcAfee     5.400.0.1158     2011.07.02     Generic.dx\r\nMcAfee-GW-Edition     2010.1D     2011.07.02     Generic.dx\r\nMicrosoft     1.7000     2011.07.01     TrojanDropper:Win32/Alureon.N\r\nNorman     6.07.10     2011.07.01     W32/Suspicious_Gen2.IRVW\r\nnProtect     2011-07-01.01     2011.07.01     Trojan.DNSChanger.VD\r\nPanda     10.0.3.5     2011.07.01     Trj/CI.A\r\nPCTools     8.0.0.5     2011.07.01     Trojan.ADH\r\nSophos     4.67.0     2011.07.02     Mal/Generic-L\r\nSymantec     20111.1.0.186     2011.07.02     Trojan.ADH\r\nVBA32     3.12.16.4     2011.07.01     Malware-Cryptor.Win32.General.4\r\nVIPRE     9745     2011.07.02     Media Code, Inc (v)\r\nMD5   : 76101675d9cf5ba5238cae9d5fac8881\r\nRustock. I\r\nmalware.exe\r\nSubmission date:2011-10-07 03:27:30 (UTC)\r\nResult:\r\n37/ 43 (86.0%)\r\nAhnLab-V3    2011.10.06.00    2011.10.06    Win-Trojan/Murlo.20480.BI\r\nAntiVir    7.11.15.141    2011.10.06    TR/Dldr.Agent.20478\r\nAvast    6.0.1289.0    2011.10.06    Win32:Trojan-gen\r\nAVG    10.0.0.1190    2011.10.06    BackDoor.Generic11.AYOE\r\nBitDefender    7.2    2011.10.07    Trojan.Generic.2509041\r\nCAT-QuickHeal    11.00    2011.10.05    TrojanDownloader.Murlo.chj\r\nCommtouch    5.3.2.6    2011.10.07    W32/Rustock.I\r\nComodo    10368    2011.10.07    UnclassifiedMalware\r\nDrWeb    5.0.2.03300    2011.10.07    Trojan.DownLoad.57537\r\nEmsisoft    5.1.0.11    2011.10.07    Trojan-Downloader.Win32.Murlo!IK\r\neTrust-Vet    36.1.8603    2011.10.06    Win32/Rustock.JG\r\nF-Prot    4.6.2.117    2011.10.06    W32/Rustock.I\r\nF-Secure    9.0.16440.0    2011.10.07    Trojan.Generic.2509041\r\nFortinet    4.3.370.0    2011.10.06    W32/Agent.OKM!tr.bdr\r\nGData    22    2011.10.07    Trojan.Generic.2509041\r\nIkarus    T3.1.1.107.0    2011.10.07    Trojan-Downloader.Win32.Murlo\r\nJiangmin    13.0.900    2011.10.06    TrojanDownloader.Murlo.aga\r\nK7AntiVirus    9.115.5248    2011.10.06    Backdoor\r\nKaspersky    9.0.0.837    2011.10.07    Trojan-Downloader.Win32.Murlo.chj\r\nMcAfee    5.400.0.1158    2011.10.07    Generic Downloader.x!bpu\r\nMcAfee-GW-Edition    2010.1D    2011.10.07    Generic Downloader.x!bpu\r\nhttp://contagiodump.blogspot.com/2011/10/rustock-samples-and-analysis-links.html\r\nPage 5 of 8\n\nMicrosoft    1.7702    2011.10.06    TrojanDownloader:Win32/Rustock.A\r\nNOD32    6523    2011.10.07    Win32/Rustock.NLB\r\nNorman    6.07.11    2011.10.06    W32/DLoader.ABIYA\r\nnProtect    2011-10-06.01    2011.10.06    Trojan-Downloader/W32.MultiDrop.20480.E\r\nPanda    10.0.3.5    2011.10.06    Trj/Downloader.MDW\r\nPCTools    8.0.0.5    2011.10.07    Downloader.Generic\r\nRising    23.77.04.01    2011.09.30    Trojan.Win32.Generic.122B31C0\r\nSophos    4.70.0    2011.10.06    Mal/Generic-L\r\nSymantec    20111.2.0.82    2011.10.07    Downloader\r\nTheHacker    6.7.0.1.318    2011.10.06    Trojan/Downloader.Murlo.chj\r\nTrendMicro    9.500.0.1008    2011.10.07    TROJ_MURLO.DQ\r\nTrendMicro-HouseCall    9.500.0.1008    2011.10.07    TROJ_MURLO.DQ\r\nVBA32    3.12.16.4    2011.10.06    Trojan-Downloader.Win32.Murlo.chj\r\nVIPRE    10685    2011.10.07    Trojan.Win32.Generic!BT\r\nViRobot    2011.10.7.4706    2011.10.07    Trojan.Win32.Downloader.20480.XZ\r\nVirusBuster    14.0.252.5    2011.10.06    Trojan.DL.Rustock!k8yJCVO/R5I\r\nMD5   : 4a5e58d6351c342f3edc145f6f4eeafe \r\nmalware.exe\r\nSubmission date:2011-10-07 03:32:34 (UTC)\r\nResult:30/ 43 (69.8%)\r\nVirustotal\r\nAntiVir    7.11.15.141    2011.10.06    TR/Rootkit.Gen\r\nAvast    6.0.1289.0    2011.10.06    Win32:Rusty\r\nAVG    10.0.0.1190    2011.10.06    Klone.P\r\nBitDefender    7.2    2011.10.07    Win32.Ntldrbot.A\r\nCAT-QuickHeal    11.00    2011.10.05    W32.Rustock.D\r\nCommtouch    5.3.2.6    2011.10.07    W32/Rustock.E\r\nComodo    10368    2011.10.07    UnclassifiedMalware\r\nDrWeb    5.0.2.03300    2011.10.07    Win32.Ntldrbot\r\nEmsisoft    5.1.0.11    2011.10.07    Virus.Win32.Rustock!IK\r\neSafe    7.0.17.0    2011.10.06    Win32.TRRootkit\r\neTrust-Vet    36.1.8603    2011.10.06    -\r\nF-Prot    4.6.2.117    2011.10.06    W32/Rustock.E\r\nF-Secure    9.0.16440.0    2011.10.07    Win32.Ntldrbot.A\r\nFortinet    4.3.370.0    2011.10.06    W32/Rustock.fam\r\nGData    22    2011.10.07    Win32.Ntldrbot.A\r\nIkarus    T3.1.1.107.0    2011.10.07    Virus.Win32.Rustock\r\nK7AntiVirus    9.115.5248    2011.10.06    Virus\r\nKaspersky    9.0.0.837    2011.10.07    Virus.Win32.Rustock.a\r\nMcAfee    5.400.0.1158    2011.10.07    Spam-Mailbot.sys!gen\r\nMcAfee-GW-Edition    2010.1D    2011.10.07    Spam-Mailbot.sys!gen\r\nMicrosoft    1.7702    2011.10.06    Backdoor:WinNT/Rustock.D\r\nhttp://contagiodump.blogspot.com/2011/10/rustock-samples-and-analysis-links.html\r\nPage 6 of 8\n\nNOD32    6523    2011.10.07    Win32/Rustock.A\r\nNorman    6.07.11    2011.10.06    Rustock.CFX\r\nnProtect    2011-10-06.01    2011.10.06    Win32.Ntldrbot.A\r\nPanda    10.0.3.5    2011.10.06    Suspicious file\r\nRising    23.77.04.01    2011.09.30    Trojan.Win32.Generic.128C3CB1\r\nSophos    4.70.0    2011.10.06    Mal/RKRustok-B\r\nTrendMicro    9.500.0.1008    2011.10.07    HeurSpy_Rustok1\r\nTrendMicro-HouseCall    9.500.0.1008    2011.10.07    HeurSpy_Rustok1\r\nVIPRE    10685    2011.10.07    Trojan.Win32.Generic!BT\r\nVirusBuster    14.0.252.5    2011.10.06    Rootkit.Rustock.Gen!Pac\r\nMD5   : 04ba40662923be168ca4dc2da924a0d0\r\nRustock.C 38/ 43 (88.4%)\r\nVirustotal\r\nAhnLab-V3    2011.10.06.00    2011.10.06    Win-Trojan/Costrat.25088.B\r\nAntiVir    7.11.15.141    2011.10.06    TR/Dropper.Gen\r\nAvast    6.0.1289.0    2011.10.06    Win32:Trojan-gen\r\nAVG    10.0.0.1190    2011.10.06    Obfustat.ITG\r\nBitDefender    7.2    2011.10.07    Backdoor.Rustock.Gen.1\r\nByteHero    1.0.0.1    2011.09.23    -\r\nCAT-QuickHeal    11.00    2011.10.05    Rootkit.Rustock\r\nClamAV    0.97.0.0    2011.10.07    Trojan.Clicker-950\r\nCommtouch    5.3.2.6    2011.10.07    W32/Rustock.C\r\nComodo    10368    2011.10.07    Trojan-Clicker.Win32.Costrat.bk\r\nDrWeb    5.0.2.03300    2011.10.07    Trojan.Spambot\r\nEmsisoft    5.1.0.11    2011.10.07    Backdoor.WinNT.Rustock!IK\r\neSafe    7.0.17.0    2011.10.06    Win32.Rustock.B\r\neTrust-Vet    36.1.8603    2011.10.06    -\r\nF-Prot    4.6.2.117    2011.10.06    W32/Rustock.C\r\nF-Secure    9.0.16440.0    2011.10.07    Backdoor.Rustock.Gen.1\r\nFortinet    4.3.370.0    2011.10.06    W32/Generic.CON!tr\r\nGData    22    2011.10.07    Backdoor.Rustock.Gen.1\r\nIkarus    T3.1.1.107.0    2011.10.07    Backdoor.WinNT.Rustock\r\nJiangmin    13.0.900    2011.10.06    TrojanClicker.Costrat.ml\r\nK7AntiVirus    9.115.5248    2011.10.06    Riskware\r\nKaspersky    9.0.0.837    2011.10.07    Trojan-Clicker.Win32.Costrat.bk\r\nMcAfee    5.400.0.1158    2011.10.07    Generic.dx\r\nMcAfee-GW-Edition    2010.1D    2011.10.07    Generic.dx\r\nMicrosoft    1.7702    2011.10.06    Backdoor:WinNT/Rustock.C\r\nNOD32    6523    2011.10.07    a variant of Win32/Rootkit.Kryptik.BP\r\nNorman    6.07.11    2011.10.06    W32/Agent.ECMM\r\nnProtect    2011-10-06.01    2011.10.06    Trojan-Clicker/W32.Costrat.70570\r\nhttp://contagiodump.blogspot.com/2011/10/rustock-samples-and-analysis-links.html\r\nPage 7 of 8\n\nPanda    10.0.3.5    2011.10.06    Trj/Agent.EDT\r\nPCTools    8.0.0.5    2011.10.07    Backdoor.Rustock.C!rem\r\nPrevx    3.0    2011.10.07    Medium Risk Malware\r\nRising    23.77.04.01    2011.09.30    Trojan.Win32.Generic.122F6627\r\nSophos    4.70.0    2011.10.06    Mal/RKRustok-A\r\nSymantec    20111.2.0.82    2011.10.07    Backdoor.Rustock.B\r\nTheHacker    6.7.0.1.318    2011.10.06    Trojan/Clicker.Costrat.bk\r\nTrendMicro    9.500.0.1008    2011.10.07    BKDR_RUSTOCK.AR\r\nTrendMicro-HouseCall    9.500.0.1008    2011.10.07    BKDR_RUSTOCK.AR\r\nVBA32    3.12.16.4    2011.10.06    Malware-Cryptor.Win32.015\r\nVIPRE    10685    2011.10.07    Backdoor.Rustock\r\nVirusBuster    14.0.252.5    2011.10.06    Trojan.Rustock!gMcRHMfFn+E\r\nMD5   : fdafb3a14338b2b612c4e5c4f94b3677\r\nSource: http://contagiodump.blogspot.com/2011/10/rustock-samples-and-analysis-links.html\r\nhttp://contagiodump.blogspot.com/2011/10/rustock-samples-and-analysis-links.html\r\nPage 8 of 8",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"http://contagiodump.blogspot.com/2011/10/rustock-samples-and-analysis-links.html"
	],
	"report_names": [
		"rustock-samples-and-analysis-links.html"
	],
	"threat_actors": [
		{
			"id": "71b19e59-b5f7-4bc6-816d-194be0f02af0",
			"created_at": "2022-10-25T16:07:24.301036Z",
			"updated_at": "2026-04-10T02:00:04.928222Z",
			"deleted_at": null,
			"main_name": "Taidoor",
			"aliases": [
				"Budminer",
				"Earth Aughisky",
				"G0015"
			],
			"source_name": "ETDA:Taidoor",
			"tools": [
				"Dripion",
				"Masson",
				"Taidoor",
				"simbot"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "50bd4a6c-7542-4bdd-8b37-ab468fc428ef",
			"created_at": "2023-01-06T13:46:38.998658Z",
			"updated_at": "2026-04-10T02:00:03.176186Z",
			"deleted_at": null,
			"main_name": "Taidoor",
			"aliases": [
				"G0015",
				"Earth Aughisky"
			],
			"source_name": "MISPGALAXY:Taidoor",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "478e9b27-39b9-49e4-a3c5-81569a767275",
			"created_at": "2022-10-25T15:50:23.417339Z",
			"updated_at": "2026-04-10T02:00:05.41593Z",
			"deleted_at": null,
			"main_name": "Taidoor",
			"aliases": [
				"Taidoor"
			],
			"source_name": "MITRE:Taidoor",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "75108fc1-7f6a-450e-b024-10284f3f62bb",
			"created_at": "2024-11-01T02:00:52.756877Z",
			"updated_at": "2026-04-10T02:00:05.273746Z",
			"deleted_at": null,
			"main_name": "Play",
			"aliases": null,
			"source_name": "MITRE:Play",
			"tools": [
				"Nltest",
				"AdFind",
				"PsExec",
				"Wevtutil",
				"Cobalt Strike",
				"Playcrypt",
				"Mimikatz"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775439093,
	"ts_updated_at": 1775826748,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d5f4bae6883aadc5651ac9cef8995d58048327a2.pdf",
		"text": "https://archive.orkl.eu/d5f4bae6883aadc5651ac9cef8995d58048327a2.txt",
		"img": "https://archive.orkl.eu/d5f4bae6883aadc5651ac9cef8995d58048327a2.jpg"
	}
}