{
	"id": "09071c0a-a894-4335-8015-2d613d123cba",
	"created_at": "2026-04-06T00:21:25.187282Z",
	"updated_at": "2026-04-10T03:21:45.387693Z",
	"deleted_at": null,
	"sha1_hash": "fe22adae56f227a6d901e17201e2d1f1d266398a",
	"title": "danbot (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 28763,
	"plain_text": "danbot (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 16:35:17 UTC\r\nDanbot is a backdoor malware that is originally written in C#. Recent versions of Danbot are written in C++.\r\nDanbot is capable of giving a remote attacker remote access features such as running a cmd command, upload and\r\ndownload files, move and copy files. The backdoor commands are transmitted by either using HTTP or DNS\r\nprotocols. The commands are encapsulated in an XML file that gets stored in disk. Danbot's backdoor component\r\npicks up the XML file where it decodes and decrypts the commands.\r\n[TLP:WHITE] win_danbot_auto (20251219 | Detects win.danbot.)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.danbot\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.danbot\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.danbot"
	],
	"report_names": [
		"win.danbot"
	],
	"threat_actors": [],
	"ts_created_at": 1775434885,
	"ts_updated_at": 1775791305,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/fe22adae56f227a6d901e17201e2d1f1d266398a.pdf",
		"text": "https://archive.orkl.eu/fe22adae56f227a6d901e17201e2d1f1d266398a.txt",
		"img": "https://archive.orkl.eu/fe22adae56f227a6d901e17201e2d1f1d266398a.jpg"
	}
}