{
	"id": "768a4c7a-ed1c-4b0c-bbfc-a697491f3967",
	"created_at": "2026-04-06T00:22:20.58026Z",
	"updated_at": "2026-04-10T13:11:26.607756Z",
	"deleted_at": null,
	"sha1_hash": "7e1217873b37f9fdfa1afd5746853a6bf999923d",
	"title": "TONEDEAF (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28247,
	"plain_text": "TONEDEAF (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 14:44:48 UTC\r\nTONEDEAF is a backdoor that communicates with Command and Control servers using HTTP or DNS.\r\nSupported commands include system information collection, file upload, file download, and arbitrary shell\r\ncommand execution. When executed, this variant of TONEDEAF wrote encrypted data to two temporary files –\r\ntemp.txt and temp2.txt – within the same directory of its execution.\r\n[TLP:WHITE] win_tonedeaf_auto (20251219 | Detects win.tonedeaf.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.tonedeaf\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.tonedeaf\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.tonedeaf"
	],
	"report_names": [
		"win.tonedeaf"
	],
	"threat_actors": [],
	"ts_created_at": 1775434940,
	"ts_updated_at": 1775826686,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7e1217873b37f9fdfa1afd5746853a6bf999923d.pdf",
		"text": "https://archive.orkl.eu/7e1217873b37f9fdfa1afd5746853a6bf999923d.txt",
		"img": "https://archive.orkl.eu/7e1217873b37f9fdfa1afd5746853a6bf999923d.jpg"
	}
}