{
	"id": "e32c16a2-81f3-423a-a67a-893a269ed4af",
	"created_at": "2026-04-06T00:19:36.925105Z",
	"updated_at": "2026-04-10T03:21:40.405521Z",
	"deleted_at": null,
	"sha1_hash": "84ba889879b79e96edc159d4beeadde96b5d4dab",
	"title": "AgfSpy (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28373,
	"plain_text": "AgfSpy (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-06 00:05:54 UTC\r\nThe agfSpy backdoor retrieves configuration and commands from its C\u0026C server. These commands allow the\r\nbackdoor to execute shell commands and send the execution results back to the server. It also enumerates\r\ndirectories and can list, upload, download, and execute files, among other functions. The capabilities of agfSpy are\r\nvery similar to dneSpy, except each backdoor uses a different C\u0026C server and various formats in message\r\nexchanges.\r\n[TLP:WHITE] win_agfspy_auto (20251219 | Detects win.agfspy.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.agfspy\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.agfspy\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.agfspy"
	],
	"report_names": [
		"win.agfspy"
	],
	"threat_actors": [],
	"ts_created_at": 1775434776,
	"ts_updated_at": 1775791300,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/84ba889879b79e96edc159d4beeadde96b5d4dab.pdf",
		"text": "https://archive.orkl.eu/84ba889879b79e96edc159d4beeadde96b5d4dab.txt",
		"img": "https://archive.orkl.eu/84ba889879b79e96edc159d4beeadde96b5d4dab.jpg"
	}
}