{
	"id": "fc9e65ff-ef6b-4772-ab7f-b0a0664489d4",
	"created_at": "2026-04-06T00:14:49.786948Z",
	"updated_at": "2026-04-10T03:20:02.060241Z",
	"deleted_at": null,
	"sha1_hash": "ebfcc2d2cbd9cc2add4c3b4dad49c65687e782c9",
	"title": "The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS Tools Used By Top-tier Threat Actors",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 54061,
	"plain_text": "The Chicken Keeps Laying New Eggs: Uncovering New GC MaaS\r\nTools Used By Top-tier Threat Actors\r\nBy QuoScient GmbH\r\nPublished: 2020-06-26 · Archived: 2026-04-05 21:05:24 UTC\r\nNote: This article was initially written by the QuoINT Team as part of QuoScient GmbH. Since the foundation of\r\nQuoIntelligence in March 2020, this article was transferred to the QuoIntelligence website on 21 April 2020.\r\nTerraRecon is a reconnaissance tool used in highly targeted attacks that occurred at least between 2016 and 2018.\r\nAlthough we are unaware of the full kill-chain that led to the execution of TerraRecon, it is fair to assume that\r\nattackers used it as a second or third stage malware.\r\nGet QuoScient GmbH’s stories in your inbox\r\nJoin Medium for free to get updates from this writer.\r\nRemember me for faster sign in\r\nTerraRecon’s primary objective is to scan the infected system for the presence of very specific hardware and\r\nsoftware used in the retail and money transfer services, like:\r\nWestern Union Software likely used in offices located in Italy\r\nWestern Union and Wacom Signing Pads\r\nYubico’s Yubikeys\r\nQuoINT was able to map three different versions of TerraRecon, and — based on the compilation timestamps of\r\nthe samples analyzed and the timeline when they were likely used — concluded that the malware family\r\npotentially existed since at least 2013.\r\nTo keep reading, please visit the official QuoIntelligence Blog or access the article here:\r\nhttps://quointelligence.eu/2020/01/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors/.\r\nSource: https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-53\r\n1d80a6b4e9\r\nhttps://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"Malpedia"
	],
	"references": [
		"https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9"
	],
	"report_names": [
		"the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9"
	],
	"threat_actors": [],
	"ts_created_at": 1775434489,
	"ts_updated_at": 1775791202,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/ebfcc2d2cbd9cc2add4c3b4dad49c65687e782c9.pdf",
		"text": "https://archive.orkl.eu/ebfcc2d2cbd9cc2add4c3b4dad49c65687e782c9.txt",
		"img": "https://archive.orkl.eu/ebfcc2d2cbd9cc2add4c3b4dad49c65687e782c9.jpg"
	}
}