{
	"id": "d8d4f889-d375-423f-9b54-bf524df0fe95",
	"created_at": "2026-04-06T00:11:17.703864Z",
	"updated_at": "2026-04-10T03:37:58.850005Z",
	"deleted_at": null,
	"sha1_hash": "e07f88d2754985ce52665a5ad48c202706d4ec9f",
	"title": "Operation Shady RAT",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 68534,
	"plain_text": "Operation Shady RAT\r\nBy Contributors to Wikimedia projects\r\nPublished: 2011-08-03 · Archived: 2026-04-05 20:39:25 UTC\r\nFrom Wikipedia, the free encyclopedia\r\nOperation Shady RAT is an ongoing series of cyber attacks starting in mid-2006[1] reported by Dmitri\r\nAlperovitch, Vice President of Threat Research at Internet security company McAfee in August 2011, who also\r\nled and named the Night Dragon Operation and Operation Aurora cyberespionage intrusion investigations.[2] The\r\nattacks have hit at least 71 organizations, including defense contractors, businesses worldwide, the United\r\nNations, and the International Olympic Committee.[3][4]\r\nGovernments attacked include Canada, India, South\r\nKorea, Taiwan, United States, and Vietnam. International bodies attacked include the United Nations, the\r\nAssociation of Southeast Asian Nations (ASEAN), the International Olympic Committee, and the World Anti-Doping Agency.[5]\r\nThe operation, named by Alperovitch as a derivation of the common computer security industry acronym for\r\nremote access tool, is characterized by McAfee as \"a five-year targeted operation by one specific actor\". The\r\nreport suggests that the targeting of various athletic oversight organizations around the time of the 2008 Summer\r\nOlympics \"potentially pointed a finger at a state actor behind the intrusions\".[2] That state actor is widely assumed\r\nto be the People's Republic of China.[6]\r\nThe hackers sent phishing emails, which were tainted with malicious software, to specific people at the targeted\r\norganizations. If the unsuspecting receiver of the mail clicked on the attached malicious software, it would infect\r\ntheir computer which in turn would give the hacker access to their computer.[5]\r\nCyberwarfare and China\r\nAdvanced persistent threat\r\nDigiNotar\r\nDuqu\r\nPLA Unit 61398\r\nTailored Access Operations\r\n1. ^ Jim Finkle (2011-08-03). 
\"State actor seen in \"enormous\" range of cyber attacks\". Reuters. Retrieved\r\n2011-08-03.\r\n2. ^ Jump up to: a\r\n \r\nb\r\n Dmitri Alperovitch (2011-08-02). \"Revealed: Operation Shady RAT\" (PDF). McAfee.\r\nArchived from the original (PDF) on 2011-08-04. Retrieved 2011-08-03.\r\n3. ^ \"Governments, IOC and UN hit by massive cyber attack\". BBC News. 2011-08-03. Retrieved 3 August\r\n2011.\r\n4. ^ Nakashima, Ellen, \"Report on ‘Operation Shady RAT’ identifies widespread cyber-spying\", Washington\r\nPost, 3 August 2011.\r\nhttps://en.wikipedia.org/wiki/Operation_Shady_RAT\r\nPage 1 of 2\n\n5. ^ Jump up to: a\r\n \r\nb\r\n \"Q+A: Massive cyber attack dubbed \"Operation Shady RAT\"\". Reuters. 2011-08-03.\r\nRetrieved 2023-11-02.\r\n6. ^ Gross, Michael Joseph, \"Enter the Cyber-dragon\", Vanity Fair, September 2011.\r\nSource: https://en.wikipedia.org/wiki/Operation_Shady_RAT\r\nhttps://en.wikipedia.org/wiki/Operation_Shady_RAT\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://en.wikipedia.org/wiki/Operation_Shady_RAT"
	],
	"report_names": [
		"Operation_Shady_RAT"
	],
	"threat_actors": [
		{
			"id": "ea844ee6-eb12-42c0-8426-11395fe81e6f",
			"created_at": "2022-10-25T15:50:23.300796Z",
			"updated_at": "2026-04-10T02:00:05.32389Z",
			"deleted_at": null,
			"main_name": "Night Dragon",
			"aliases": [
				"Night Dragon"
			],
			"source_name": "MITRE:Night Dragon",
			"tools": [
				"at",
				"gsecdump",
				"zwShell",
				"PsExec",
				"ASPXSpy",
				"gh0st RAT"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "09a8f8fe-e907-47b4-8709-a97717dde3cc",
			"created_at": "2022-10-25T16:07:23.90252Z",
			"updated_at": "2026-04-10T02:00:04.783553Z",
			"deleted_at": null,
			"main_name": "Night Dragon",
			"aliases": [
				"G0014"
			],
			"source_name": "ETDA:Night Dragon",
			"tools": [
				"ASPXSpy",
				"ASPXTool",
				"Cain \u0026 Abel",
				"gsecdump",
				"zwShell"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "b7aa23d0-65c8-49f4-8052-837ce6251b63",
			"created_at": "2022-10-25T16:07:24.006105Z",
			"updated_at": "2026-04-10T02:00:04.831292Z",
			"deleted_at": null,
			"main_name": "Operation Shady RAT",
			"aliases": [],
			"source_name": "ETDA:Operation Shady RAT",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "cf7fc640-acfe-41c4-9f3d-5515d53a3ffb",
			"created_at": "2023-01-06T13:46:38.228042Z",
			"updated_at": "2026-04-10T02:00:02.883048Z",
			"deleted_at": null,
			"main_name": "APT1",
			"aliases": [
				"PLA Unit 61398",
				"Comment Crew",
				"Byzantine Candor",
				"Comment Group",
				"GIF89a",
				"Group 3",
				"TG-8223",
				"Brown Fox",
				"ShadyRAT",
				"G0006",
				"COMMENT PANDA"
			],
			"source_name": "MISPGALAXY:APT1",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "020794ec-7315-47de-818c-2032c362fd15",
			"created_at": "2023-01-06T13:46:38.306576Z",
			"updated_at": "2026-04-10T02:00:02.920647Z",
			"deleted_at": null,
			"main_name": "Night Dragon",
			"aliases": [
				"G0014"
			],
			"source_name": "MISPGALAXY:Night Dragon",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "86fd71d3-06dc-4b73-b038-cedea7b83bac",
			"created_at": "2022-10-25T16:07:23.330793Z",
			"updated_at": "2026-04-10T02:00:04.545236Z",
			"deleted_at": null,
			"main_name": "APT 17",
			"aliases": [
				"APT 17",
				"ATK 2",
				"Beijing Group",
				"Bronze Keystone",
				"Deputy Dog",
				"Elderwood",
				"Elderwood Gang",
				"G0025",
				"G0066",
				"Operation Aurora",
				"Operation DeputyDog",
				"Operation Ephemeral Hydra",
				"Operation RAT Cook",
				"SIG22",
				"Sneaky Panda",
				"TEMP.Avengers",
				"TG-8153",
				"Tailgater Team"
			],
			"source_name": "ETDA:APT 17",
			"tools": [
				"9002 RAT",
				"AGENT.ABQMR",
				"AGENT.AQUP.DROPPER",
				"AGENT.BMZA",
				"AGENT.GUNZ",
				"Agent.dhwf",
				"AngryRebel",
				"BlackCoffee",
				"Briba",
				"Chymine",
				"Comfoo",
				"Comfoo RAT",
				"Darkmoon",
				"DeputyDog",
				"Destroy RAT",
				"DestroyRAT",
				"Farfli",
				"Fexel",
				"Gen:Trojan.Heur.PT",
				"Gh0st RAT",
				"Ghost RAT",
				"Gresim",
				"HOMEUNIX",
				"HiKit",
				"HidraQ",
				"Homux",
				"Hydraq",
				"Jumpall",
				"Kaba",
				"Korplug",
				"Linfo",
				"MCRAT.A",
				"McRAT",
				"MdmBot",
				"Mdmbot.E",
				"Moudour",
				"Mydoor",
				"Naid",
				"Nerex",
				"PCRat",
				"PNGRAT",
				"Pasam",
				"PlugX",
				"Poison Ivy",
				"RedDelta",
				"Roarur",
				"SPIVY",
				"Sogu",
				"TIGERPLUG",
				"TVT",
				"Thoper",
				"Trojan.Naid",
				"Vasport",
				"Wiarp",
				"Xamtrav",
				"Zox",
				"ZoxPNG",
				"ZoxRPC",
				"gresim",
				"pivy",
				"poisonivy"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434277,
	"ts_updated_at": 1775792278,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e07f88d2754985ce52665a5ad48c202706d4ec9f.pdf",
		"text": "https://archive.orkl.eu/e07f88d2754985ce52665a5ad48c202706d4ec9f.txt",
		"img": "https://archive.orkl.eu/e07f88d2754985ce52665a5ad48c202706d4ec9f.jpg"
	}
}