{
  "type": "malware",
  "spec_version": "2.1",
  "id": "malware--d2c7f8ad-3b50-4cfa-bbb1-799eff06fb40",
  "created": "2020-06-10T18:44:10.896Z",
  "created_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  "external_references": [
    {
      "source_name": "mitre-attack",
      "url": "https://attack.mitre.org/software/S0471",
      "external_id": "S0471"
    },
    {
      "source_name": "Trend Micro Tick November 2019",
      "description": "Chen, J. et al. (2019, November). Operation ENDTRADE: TICK’s Multi-Stage Backdoors for Attacking Industries and Stealing Classified Data. Retrieved June 9, 2020.",
      "url": "https://documents.trendmicro.com/assets/pdf/Operation-ENDTRADE-TICK-s-Multi-Stage-Backdoors-for-Attacking-Industries-and-Stealing-Classified-Data.pdf"
    }
  ],
  "object_marking_refs": [
    "marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168"
  ],
  "modified": "2025-04-25T14:44:46.558Z",
  "name": "build_downer",
  "description": "[build_downer](https://attack.mitre.org/software/S0471) is a downloader that has been used by [BRONZE BUTLER](https://attack.mitre.org/groups/G0060) since at least 2019.(Citation: Trend Micro Tick November 2019)",
  "is_family": true,
  "x_mitre_modified_by_ref": "identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5",
  "x_mitre_platforms": [
    "Windows"
  ],
  "x_mitre_deprecated": false,
  "x_mitre_domains": [
    "enterprise-attack"
  ],
  "x_mitre_version": "1.0",
  "x_mitre_attack_spec_version": "3.2.0",
  "x_mitre_aliases": [
    "build_downer"
  ],
  "revoked": false
}