{
	"id": "7b749875-a86e-4290-b11e-144984a34d76",
	"created_at": "2026-04-06T00:17:19.046105Z",
	"updated_at": "2026-04-10T03:34:16.03293Z",
	"deleted_at": null,
	"sha1_hash": "da3d523f8ce54946aa49f06615c03366def869c4",
	"title": "CrossRAT (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 36448,
	"plain_text": "CrossRAT (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 16:59:52 UTC\r\njar.crossrat (Back to overview)\r\nCrossRAT\r\naka: Trupto\r\nActor(s): Dark Caracal\r\nThere is no description at this point.\r\nReferences\r\n2018-01-24 ⋅ Objective-See ⋅ Patrick Wardle\r\nAnalyzing CrossRAT: A cross-platform implant, utilized in a global cyber-espionage campaign\r\nCrossRAT\r\n2018-01-18 ⋅ Lookout ⋅ Andrew Blaich, Apurva Kumar, Cooper Quintin, Eva Galperin, Jeremy Richards, Michael Flossman\r\nDark Caracal: Cyber-espionage at a Global Scal\r\nCrossRAT Bandook Dark Caracal\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/jar.crossrat\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/jar.crossrat\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/jar.crossrat"
	],
	"report_names": [
		"jar.crossrat"
	],
	"threat_actors": [
		{
			"id": "8de10e16-817c-4907-bd98-b64cf4a3e77b",
			"created_at": "2022-10-25T15:50:23.552766Z",
			"updated_at": "2026-04-10T02:00:05.362919Z",
			"deleted_at": null,
			"main_name": "Dark Caracal",
			"aliases": [
				"Dark Caracal"
			],
			"source_name": "MITRE:Dark Caracal",
			"tools": [
				"FinFisher",
				"CrossRAT",
				"Bandook"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "4a62c0be-1583-4d82-8f91-46e3a1c114e6",
			"created_at": "2023-01-06T13:46:38.73639Z",
			"updated_at": "2026-04-10T02:00:03.083265Z",
			"deleted_at": null,
			"main_name": "Dark Caracal",
			"aliases": [
				"G0070"
			],
			"source_name": "MISPGALAXY:Dark Caracal",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "af704c54-a580-4c29-95f2-82db06fbb6f9",
			"created_at": "2022-10-25T16:07:23.525064Z",
			"updated_at": "2026-04-10T02:00:04.64019Z",
			"deleted_at": null,
			"main_name": "Dark Caracal",
			"aliases": [
				"ATK 27",
				"G0070",
				"Operation Dark Caracal",
				"TAG-CT3"
			],
			"source_name": "ETDA:Dark Caracal",
			"tools": [
				"Bandok",
				"Bandook",
				"CrossRAT",
				"FinFisher",
				"FinFisher RAT",
				"FinSpy",
				"Pallas",
				"Trupto"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434639,
	"ts_updated_at": 1775792056,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/da3d523f8ce54946aa49f06615c03366def869c4.pdf",
		"text": "https://archive.orkl.eu/da3d523f8ce54946aa49f06615c03366def869c4.txt",
		"img": "https://archive.orkl.eu/da3d523f8ce54946aa49f06615c03366def869c4.jpg"
	}
}