BUBBLEWRAP

Description

(FireEye) BUBBLEWRAP is a full-featured backdoor that is set to run when the system boots, and can communicate using HTTP, HTTPS, or a SOCKS proxy. This backdoor collects system information, including the operating system version and hostname, and includes functionality to check, upload, and register plugins that can further enhance its capabilities.

Names

Name
BUBBLEWRAP
Backdoor.APT.FakeWinHTTPHelper

Category

Malware

Type

• Reconnaissance
• Backdoor

Information

• https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html

Mitre Attack

• https://attack.mitre.org/software/S0043/

Malpedia

• https://malpedia.caad.fkie.fraunhofer.de/details/win.bubblewrap

Other Information

Uuid

afe305f3-ba57-4b16-a33a-e679e5853383

Last Card Change

2022-12-30