{
	"id": "10db728c-f61a-4076-b9d6-a1abf5e279ed",
	"created_at": "2026-04-06T00:16:36.247184Z",
	"updated_at": "2026-04-10T03:35:25.980037Z",
	"deleted_at": null,
	"sha1_hash": "f6e7c170eaf7bc1c236188427f27be2acf0cd96e",
	"title": "GIMMICK (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 107025,
	"plain_text": "GIMMICK (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 13:11:42 UTC\r\nwin.gimmick\r\nGIMMICK\r\nThere is no description at this point.\r\nReferences\r\n2023-08-18 ⋅ TEAMT5 ⋅ Still Hsu, Zih-Cing Liao\r\nUnmasking CamoFei: An In-depth Analysis of an Emerging APT Group Focused on Healthcare Sectors in\r\nEast Asia\r\nCatB Cobalt Strike DoorMe GIMMICK\r\n2022-03-22 ⋅ Volexity ⋅ Damien Cash, Steven Adair, Thomas Lancaster\r\nStorm Cloud on the Horizon: GIMMICK Malware Strikes at macOS\r\nGIMMICK GIMMICK\r\nYara Rules\r\n[TLP:WHITE] win_gimmick_w0 (20230802 | Detects the base version of GIMMICK in .NET.)\r\n[TLP:WHITE] win_gimmick_w1 (20230802 | Detects the macOS port of the GIMMICK malware.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.gimmick",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.gimmick"
	],
	"report_names": [
		"win.gimmick"
	],
	"threat_actors": [
		{
			"id": "4434c71b-c424-4c06-b923-4f3f54f24f40",
			"created_at": "2022-10-25T16:07:23.453526Z",
			"updated_at": "2026-04-10T02:00:04.611408Z",
			"deleted_at": null,
			"main_name": "ChamelGang",
			"aliases": [
				"CamoFei"
			],
			"source_name": "ETDA:ChamelGang",
			"tools": [
				"7-Zip",
				"Agentemis",
				"BeaconLoader",
				"Cobalt Strike",
				"CobaltStrike",
				"DoorMe",
				"FRP",
				"Fast Reverse Proxy",
				"ProxyT",
				"Tiny SHell",
				"cobeacon",
				"tsh"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "610a7295-3139-4f34-8cec-b3da40add480",
			"created_at": "2023-01-06T13:46:38.608142Z",
			"updated_at": "2026-04-10T02:00:03.03764Z",
			"deleted_at": null,
			"main_name": "Cobalt",
			"aliases": [
				"Cobalt Group",
				"Cobalt Gang",
				"GOLD KINGSWOOD",
				"COBALT SPIDER",
				"G0080",
				"Mule Libra"
			],
			"source_name": "MISPGALAXY:Cobalt",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "a0673493-5872-49a0-8d0d-4391302cff01",
			"created_at": "2023-03-04T02:01:54.10107Z",
			"updated_at": "2026-04-10T02:00:03.358084Z",
			"deleted_at": null,
			"main_name": "Chamelgang",
			"aliases": [
				"CamoFei"
			],
			"source_name": "MISPGALAXY:Chamelgang",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "33eef76c-a6fa-4855-a77e-9a1e92fe8474",
			"created_at": "2023-11-21T02:00:07.393519Z",
			"updated_at": "2026-04-10T02:00:03.477407Z",
			"deleted_at": null,
			"main_name": "Storm Cloud",
			"aliases": [],
			"source_name": "MISPGALAXY:Storm Cloud",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "19ac84cc-bb2d-4e0c-ace0-5a7659d89ac7",
			"created_at": "2022-10-25T16:07:23.422755Z",
			"updated_at": "2026-04-10T02:00:04.592069Z",
			"deleted_at": null,
			"main_name": "Bronze Highland",
			"aliases": [
				"Daggerfly",
				"Digging Taurus",
				"Evasive Panda",
				"Storm Cloud",
				"StormBamboo",
				"TAG-102",
				"TAG-112"
			],
			"source_name": "ETDA:Bronze Highland",
			"tools": [
				"Agentemis",
				"CDDS",
				"CloudScout",
				"Cobalt Strike",
				"CobaltStrike",
				"DazzleSpy",
				"KsRemote",
				"LOLBAS",
				"LOLBins",
				"Living off the Land",
				"MacMa",
				"Macma",
				"MgBot",
				"Mgmbot",
				"NetMM",
				"Nightdoor",
				"OSX.CDDS",
				"POCOSTICK",
				"RELOADEXT",
				"Suzafk",
				"cobeacon"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434596,
	"ts_updated_at": 1775792125,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f6e7c170eaf7bc1c236188427f27be2acf0cd96e.pdf",
		"text": "https://archive.orkl.eu/f6e7c170eaf7bc1c236188427f27be2acf0cd96e.txt",
		"img": "https://archive.orkl.eu/f6e7c170eaf7bc1c236188427f27be2acf0cd96e.jpg"
	}
}