WebC2
Description
A WEBC2 backdoor is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags, and it attempts to interpret the data between those tags as commands. This family of malware is capable of downloading and executing a file. All variants represented here are the same file with different MD5 signatures. This malware attempts to contact its C2 once a week (Thursday at 10:00 AM). It looks for commands inside a set of HTML tags, part of which is in the File Strings indicator term below.
Names
Name |
---|
WebC2 |
WebC2-AdSpace |
WebC2-Ausov |
WebC2-Bolid |
WebC2-Cson |
WebC2-DIV |
WebC2-GreenCat |
WebC2-Head |
WebC2-Kt3 |
WebC2-Qbp |
WebC2-Rave |
WebC2-Table |
WebC2-UGX |
WebC2-Yahoo |
Category
Malware
Type
- Backdoor
- Downloader
Information
Mitre Attack
Malpedia
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_adspace
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_ausov
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_bolid
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_cson
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_div
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_greencat
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_head
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_kt3
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_qbp
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_rave
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_table
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_ugx
- https://malpedia.caad.fkie.fraunhofer.de/details/win.webc2_yahoo
Other Information
Uuid
a1e54b72-3eed-49ae-852c-9621bdde6be3
Last Card Change
2020-04-23