{
	"id": "afae81b7-00d4-4d1d-95ae-d2493599a7a8",
	"created_at": "2026-04-06T00:20:03.81907Z",
	"updated_at": "2026-04-10T03:20:05.111578Z",
	"deleted_at": null,
	"sha1_hash": "0a40fd3fc4c8802fb79cb447c06f8752d366bdec",
	"title": "TinyNuke (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 29384,
	"plain_text": "TinyNuke (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 19:46:40 UTC\r\nTinyNuke (aka Nuclear Bot) is a fully-fledged banking trojan including HiddenDesktop/VNC server and a reverse\r\nsocks4 server. It was for sale on underground marketplaces for $2500 in 2016. The program's author claimed the\r\nmalware was written from scratch, but that it functioned similarly to the ZeuS banking trojan in that it could steal\r\npasswords and inject arbitrary content when victims visited banking Web sites. However, he then proceeded to\r\ndestroy his own reputation on hacker forums by promoting his development too aggressively. As a displacement\r\nactivity, he published his source code on Github. XBot is an off-spring of TinyNuke, but very similar to its\r\nancestor.\r\n[TLP:WHITE] win_tinynuke_auto (20251219 | Detects win.tinynuke.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.tinynuke\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.tinynuke\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.tinynuke"
	],
	"report_names": [
		"win.tinynuke"
	],
	"threat_actors": [],
	"ts_created_at": 1775434803,
	"ts_updated_at": 1775791205,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0a40fd3fc4c8802fb79cb447c06f8752d366bdec.pdf",
		"text": "https://archive.orkl.eu/0a40fd3fc4c8802fb79cb447c06f8752d366bdec.txt",
		"img": "https://archive.orkl.eu/0a40fd3fc4c8802fb79cb447c06f8752d366bdec.jpg"
	}
}