{
	"id": "a382eb99-e9d7-4695-850b-25dcf3e557e3",
	"created_at": "2026-04-06T00:18:19.309837Z",
	"updated_at": "2026-04-10T13:12:33.567553Z",
	"deleted_at": null,
	"sha1_hash": "e694f1a888959acdf21588ce36497715daa0ffbb",
	"title": "Malpedia (Fraunhofer FKIE)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 30681,
	"plain_text": "Malpedia (Fraunhofer FKIE)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 17:17:32 UTC\r\nHi!\r\nMalpedia is a free service offered by Fraunhofer FKIE.\r\nAdministration is led by Daniel Plohmann and Steffen Enders.\r\nMission Statement\r\nThe primary goal of Malpedia is to provide a resource for rapid identification and actionable context when\r\ninvestigating malware. Openness to curated contributions shall ensure an accountable level of quality in order to\r\nfoster meaningful and reproducible research.\r\nPlease respect the Terms of Service.\r\nAlso, please be aware that not all content on Malpedia is publicly available.\r\nMore specifically, you will need an account to access all data (malware samples, non-public YARA rules, ...).\r\nIn this regard, Malpedia is operated as an invite-only trust group.\r\nFor feature requests and feedback discussions, see our public issue tracker on GitHub.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.guloader\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.guloader\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia",
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.guloader"
	],
	"report_names": [
		"win.guloader"
	],
	"threat_actors": [
		{
			"id": "d90307b6-14a9-4d0b-9156-89e453d6eb13",
			"created_at": "2022-10-25T16:07:23.773944Z",
			"updated_at": "2026-04-10T02:00:04.746188Z",
			"deleted_at": null,
			"main_name": "Lead",
			"aliases": [
				"Casper",
				"TG-3279"
			],
			"source_name": "ETDA:Lead",
			"tools": [
				"Agentemis",
				"BleDoor",
				"Cobalt Strike",
				"CobaltStrike",
				"RbDoor",
				"RibDoor",
				"Winnti",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434699,
	"ts_updated_at": 1775826753,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e694f1a888959acdf21588ce36497715daa0ffbb.pdf",
		"text": "https://archive.orkl.eu/e694f1a888959acdf21588ce36497715daa0ffbb.txt",
		"img": "https://archive.orkl.eu/e694f1a888959acdf21588ce36497715daa0ffbb.jpg"
	}
}