WEBC2 - S0109 (1d808f62-cf63-4063-9727-ff6132514c22)

WEBC2 is a family of backdoor malware used by APT1 as early as July 2006. WEBC2 backdoors are designed to retrieve a webpage, with commands hidden in HTML comments or special tags, from a predetermined C2 server. (Citation: Mandiant APT1 Appendix)(Citation: Mandiant APT1)

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
WEBC2 (b5be84b7-bf2c-40d0-85a9-14c040881a98)	Tool	WEBC2 - S0109 (1d808f62-cf63-4063-9727-ff6132514c22)	Malware	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	WEBC2 - S0109 (1d808f62-cf63-4063-9727-ff6132514c22)	Malware	1
WEBC2 - S0109 (1d808f62-cf63-4063-9727-ff6132514c22)	Malware	Ingress Tool Transfer - T1105 (e6919abc-99f9-4c6c-95a5-14761e7b2add)	Attack Pattern	1
WEBC2 - S0109 (1d808f62-cf63-4063-9727-ff6132514c22)	Malware	DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	1
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62)	Attack Pattern	Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830)	Attack Pattern	2
Hijack Execution Flow - T1574 (aedfca76-3b30-4866-b2aa-0f1d7fd1e4b6)	Attack Pattern	DLL Search Order Hijacking - T1574.001 (2fee9321-3e71-4cf4-af24-d4d40d355b34)	Attack Pattern	2