{
	"id": "0e7fa923-4842-4763-9dd0-a8e2361940ea",
	"created_at": "2026-04-06T00:11:25.415348Z",
	"updated_at": "2026-04-10T03:22:08.394048Z",
	"deleted_at": null,
	"sha1_hash": "d28aeb9a00032dd043379a50e92fb61dbd7f93d3",
	"title": "S2W Intelligence Report_Form Book_20200722_web.pdf",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34478,
	"plain_text": "S2W Intelligence Report_Form Book_20200722_web.pdf\r\nArchived: 2026-04-05 17:44:17 UTC\r\nSida 2 av 9\r\n2\r\nCopyright © 2020, S2W LAB Inc.\r\n‘FormBook Tracker’ unveiled on the Dark Web\r\nReport ID : S2-CTI-20200034\r\nVersion: 1.0 (July. 21. 2020)\r\n[1] https://www.fireeye.com/blog/threat-research/2017/10/formbook-malware-distribution-campaigns.html\r\nFigure 1: ‘FormBook Tracker’ site capture on the dark web\r\nExecutive Summary\r\nS2W LAB has found ‘FormBook Tracker’ - the operation site of the malicious code\r\n‘FormBook’ - on the dark web. The site contains information about 9,173 infected\r\nmachines (as of 07/19) worldwide, including affected machines’ OS, IP, date of infection\r\nand last activity date, etc. China, USA, and Turkey are the top 3 countries with the\r\nmost infected machines based on the information from the site. All command and control\r\n(C\u0026C, hereafter C2) servers are using hosting services from the USA and the Netherlands.\r\nAbout FormBook [1]\r\nFormBook is a data stealer and form grabber that has been advertised in various hacking\r\nforums since early 2016. The malware injects itself into various processes and installs\r\nfunction hooks to log keystrokes, steal clipboard contents, and extract data from HTTP\r\nsessions. The malware can also execute commands from a command and control (C2)\r\nserver. The commands include instructing the malware to download and execute files,\r\nstart processes, shutdown and reboot the system, and steal cookies and local passwords.\r\nhttps://drive.google.com/file/d/1oxINyIJfMtv_upJqRK9vLSchIBaU8wiU/view\r\nPage 1 of 2\n\nSource: https://drive.google.com/file/d/1oxINyIJfMtv_upJqRK9vLSchIBaU8wiU/view\r\nhttps://drive.google.com/file/d/1oxINyIJfMtv_upJqRK9vLSchIBaU8wiU/view\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://drive.google.com/file/d/1oxINyIJfMtv_upJqRK9vLSchIBaU8wiU/view"
	],
	"report_names": [
		"view"
	],
	"threat_actors": [],
	"ts_created_at": 1775434285,
	"ts_updated_at": 1775791328,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/d28aeb9a00032dd043379a50e92fb61dbd7f93d3.pdf",
		"text": "https://archive.orkl.eu/d28aeb9a00032dd043379a50e92fb61dbd7f93d3.txt",
		"img": "https://archive.orkl.eu/d28aeb9a00032dd043379a50e92fb61dbd7f93d3.jpg"
	}
}