{
	"id": "c880cf31-c877-48c1-b38b-1ec95e7f91f1",
	"created_at": "2026-04-06T03:35:49.852078Z",
	"updated_at": "2026-04-10T03:19:59.275717Z",
	"deleted_at": null,
	"sha1_hash": "12d24b8486f42d28faa3d22895b5528a14d7aa09",
	"title": "BACKBEND (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28497,
	"plain_text": "BACKBEND (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-06 03:09:35 UTC\r\nFireEye describes BACKBEND as a secondary downloader used as a backup mechanism in the case the primary\r\nbackdoor is removed. When executed, BACKBEND checks for the presence of the mutexes MicrosoftZj or\r\nMicrosoftZjBak (both associated with BACKSPACE variants). If either of the mutexes exist, the malware exits.\r\n[TLP:WHITE] win_backbend_auto (20251219 | Detects win.backbend.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.backbend\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.backbend\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.backbend"
	],
	"report_names": [
		"win.backbend"
	],
	"threat_actors": [],
	"ts_created_at": 1775446549,
	"ts_updated_at": 1775791199,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/12d24b8486f42d28faa3d22895b5528a14d7aa09.pdf",
		"text": "https://archive.orkl.eu/12d24b8486f42d28faa3d22895b5528a14d7aa09.txt",
		"img": "https://archive.orkl.eu/12d24b8486f42d28faa3d22895b5528a14d7aa09.jpg"
	}
}