{
	"id": "d2801cbd-03b7-4e50-8a27-a9557cc762c8",
	"created_at": "2026-04-06T00:12:45.458993Z",
	"updated_at": "2026-04-10T03:20:31.839705Z",
	"deleted_at": null,
	"sha1_hash": "95765d90be91c09759f1f7a8cbbebb94bddd62c0",
	"title": "BabyShark (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28960,
	"plain_text": "BabyShark (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 23:42:35 UTC\r\nBabyShark is Microsoft Visual Basic (VB) script-based malware family first seen in November 2018. The\r\nmalware is launched by executing the first stage HTA from a remote location, thus it can be delivered via different\r\nfile types including PE files as well as malicious documents. It exfiltrates system information to C2 server,\r\nmaintains persistence on the system, and waits for further instruction from the operator\r\n[TLP:WHITE] win_babyshark_auto (20251219 | Detects win.babyshark.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.babyshark\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.babyshark\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.babyshark"
	],
	"report_names": [
		"win.babyshark"
	],
	"threat_actors": [],
	"ts_created_at": 1775434365,
	"ts_updated_at": 1775791231,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/95765d90be91c09759f1f7a8cbbebb94bddd62c0.pdf",
		"text": "https://archive.orkl.eu/95765d90be91c09759f1f7a8cbbebb94bddd62c0.txt",
		"img": "https://archive.orkl.eu/95765d90be91c09759f1f7a8cbbebb94bddd62c0.jpg"
	}
}