{
	"id": "4c12ae53-d921-43ad-82b8-8c8988790304",
	"created_at": "2026-04-06T00:14:23.452036Z",
	"updated_at": "2026-04-10T03:20:20.807519Z",
	"deleted_at": null,
	"sha1_hash": "9cc4b2eba14f3bb7d13d3dde26f4d277df950a75",
	"title": "PinchDuke (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28634,
	"plain_text": "PinchDuke (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 20:33:39 UTC\r\nAccording to F-Secure, the PinchDuke information stealer gathers system configuration information, steals user\r\ncredentials, and collects user files from the compromised host transferring these via HTTP(S) to a C\u0026C server. F-Secure believes that PinchDuke’s credential stealing functionality is based on the source code of the Pinch\r\ncredential stealing malware (also known as LdPinch) that was developed in the early 2000s and has later been\r\nopenly distributed on underground forums.\r\n[TLP:WHITE] win_pinchduke_auto (20251219 | Detects win.pinchduke.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.pinchduke\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.pinchduke\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.pinchduke"
	],
	"report_names": [
		"win.pinchduke"
	],
	"threat_actors": [],
	"ts_created_at": 1775434463,
	"ts_updated_at": 1775791220,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/9cc4b2eba14f3bb7d13d3dde26f4d277df950a75.pdf",
		"text": "https://archive.orkl.eu/9cc4b2eba14f3bb7d13d3dde26f4d277df950a75.txt",
		"img": "https://archive.orkl.eu/9cc4b2eba14f3bb7d13d3dde26f4d277df950a75.jpg"
	}
}