{
	"id": "9faed8ec-a6e4-4ff5-b7de-49c725fc8eb1",
	"created_at": "2026-04-06T03:36:15.754069Z",
	"updated_at": "2026-04-10T03:33:01.384275Z",
	"deleted_at": null,
	"sha1_hash": "f24c22cd518f14cd82cfc044e39d5ca68f62e2d2",
	"title": "Bvp47 (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 39933,
	"plain_text": "Bvp47 (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-06 03:09:31 UTC\r\nelf.bvp47 (Back to overview)\r\nBvp47\r\nActor(s): Equation Group\r\nPangu Lab discovered this backdoor during a forensic investigation in 2013. They refer to related incidents as\r\n\"Operation Telescreen\".\r\nReferences\r\n2022-05-11 ⋅ ExaTrack ⋅ Tristan Pourcelot\r\nTricephalic Hellkeeper: a tale of a passive backdoor\r\nBPFDoor Bvp47 Uroburos\r\n2022-04-11 ⋅ Pangu Lab ⋅ Pangu Lab\r\nBvp47 Technical Details Report II\r\nBvp47\r\n2022-02-23 ⋅ Bleeping Computer ⋅ Ionut Ilascu\r\nNSA-linked Bvp47 Linux backdoor widely undetected for 10 years\r\nBvp47\r\n2022-02-23 ⋅ Pangu Lab ⋅ Pangu Lab\r\nThe Bvp47 - a Top-tier Backdoor of US NSA Equation Group\r\nBvp47\r\n2022-02-23 ⋅ The Hacker News ⋅ Ravie Lakshmanan\r\nChinese Experts Uncover Details of Equation Group's Bvp47 Covert Hacking Tool\r\nBvp47\r\n2022-02-22 ⋅ Pangu Lab ⋅ Pangu Lab\r\nBvp47 - Top-tier Backdoor of US NSA Equation Group\r\nBvp47\r\nThere is no Yara-Signature yet.\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.bvp47\r\nPage 1 of 2\n\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/elf.bvp47\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/elf.bvp47\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/elf.bvp47"
	],
	"report_names": [
		"elf.bvp47"
	],
	"threat_actors": [
		{
			"id": "b740943a-da51-4133-855b-df29822531ea",
			"created_at": "2022-10-25T15:50:23.604126Z",
			"updated_at": "2026-04-10T02:00:05.259593Z",
			"deleted_at": null,
			"main_name": "Equation",
			"aliases": [
				"Equation"
			],
			"source_name": "MITRE:Equation",
			"tools": null,
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "08623296-52be-4977-8622-50efda44e9cc",
			"created_at": "2023-01-06T13:46:38.549387Z",
			"updated_at": "2026-04-10T02:00:03.020003Z",
			"deleted_at": null,
			"main_name": "Equation Group",
			"aliases": [
				"Tilded Team",
				"EQGRP",
				"G0020"
			],
			"source_name": "MISPGALAXY:Equation Group",
			"tools": [
				"TripleFantasy",
				"GrayFish",
				"EquationLaser",
				"EquationDrug",
				"DoubleFantasy"
			],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "2d9fbbd7-e4c3-40e5-b751-27af27c8610b",
			"created_at": "2024-05-01T02:03:08.144214Z",
			"updated_at": "2026-04-10T02:00:03.674763Z",
			"deleted_at": null,
			"main_name": "PLATINUM COLONY",
			"aliases": [
				"Equation Group "
			],
			"source_name": "Secureworks:PLATINUM COLONY",
			"tools": [
				"DoubleFantasy",
				"EquationDrug",
				"EquationLaser",
				"Fanny",
				"GrayFish",
				"TripleFantasy"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "e0fed6e6-a593-4041-80ef-694261825937",
			"created_at": "2022-10-25T16:07:23.593572Z",
			"updated_at": "2026-04-10T02:00:04.680752Z",
			"deleted_at": null,
			"main_name": "Equation Group",
			"aliases": [
				"APT-C-40",
				"G0020",
				"Platinum Colony",
				"Tilded Team"
			],
			"source_name": "ETDA:Equation Group",
			"tools": [
				"Bvp47",
				"DEMENTIAWHEEL",
				"DOUBLEFANTASY",
				"DanderSpritz",
				"DarkPulsar",
				"DoubleFantasy",
				"DoubleFeature",
				"DoublePulsar",
				"Duqu",
				"EQUATIONDRUG",
				"EQUATIONLASER",
				"EQUESTRE",
				"Flamer",
				"GRAYFISH",
				"GROK",
				"OddJob",
				"Plexor",
				"Prax",
				"Regin",
				"Skywiper",
				"TRIPLEFANTASY",
				"Tilded",
				"UNITEDRAKE",
				"WarriorPride",
				"sKyWIper"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "a97fee0d-af4b-4661-ae17-858925438fc4",
			"created_at": "2023-01-06T13:46:38.396415Z",
			"updated_at": "2026-04-10T02:00:02.957137Z",
			"deleted_at": null,
			"main_name": "Turla",
			"aliases": [
				"TAG_0530",
				"Pacifier APT",
				"Blue Python",
				"UNC4210",
				"UAC-0003",
				"VENOMOUS Bear",
				"Waterbug",
				"Pfinet",
				"KRYPTON",
				"Popeye",
				"SIG23",
				"ATK13",
				"ITG12",
				"Group 88",
				"Uroburos",
				"Hippo Team",
				"IRON HUNTER",
				"MAKERSMARK",
				"Secret Blizzard",
				"UAC-0144",
				"UAC-0024",
				"G0010"
			],
			"source_name": "MISPGALAXY:Turla",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775446575,
	"ts_updated_at": 1775791981,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f24c22cd518f14cd82cfc044e39d5ca68f62e2d2.pdf",
		"text": "https://archive.orkl.eu/f24c22cd518f14cd82cfc044e39d5ca68f62e2d2.txt",
		"img": "https://archive.orkl.eu/f24c22cd518f14cd82cfc044e39d5ca68f62e2d2.jpg"
	}
}