{
	"id": "a900738a-727f-4de0-8455-e837f7331937",
	"created_at": "2026-04-06T00:06:51.052324Z",
	"updated_at": "2026-04-10T13:12:30.918404Z",
	"deleted_at": null,
	"sha1_hash": "09dd94a0265909b6083fb0c13838226d42251537",
	"title": "Contopee (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 27801,
	"plain_text": "Contopee (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 17:55:43 UTC\r\nFireEye described this malware as a proxy-aware backdoor that communicates using a custom-encrypted binary\r\nprotocol. It may use the registry to store optional configuration data. The backdoor has been observed to support\r\n26 commands that include directory traversal, file system manipulation, data archival and transmission, and\r\ncommand execution.\r\n[TLP:WHITE] win_contopee_auto (20251219 | Detects win.contopee.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.contopee\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.contopee\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.contopee"
	],
	"report_names": [
		"win.contopee"
	],
	"threat_actors": [],
	"ts_created_at": 1775434011,
	"ts_updated_at": 1775826750,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/09dd94a0265909b6083fb0c13838226d42251537.pdf",
		"text": "https://archive.orkl.eu/09dd94a0265909b6083fb0c13838226d42251537.txt",
		"img": "https://archive.orkl.eu/09dd94a0265909b6083fb0c13838226d42251537.jpg"
	}
}