WEBC2 (f228af8f-8938-4836-9461-c6ca220ed7c5)

WEBC2 is a family of backdoor malware used by APT1 as early as July 2006. WEBC2 backdoors are designed to retrieve a webpage, with commands hidden in HTML comments or special tags, from a predetermined C2 server. ^{[Mandiant APT1 Appendix]}^{[Mandiant APT1]}

Cluster A	Galaxy A	Cluster B	Galaxy B	Level
APT1 (5307bba1-2674-4fbd-bfd5-1db1ae06fc5f)	Tidal Groups	WEBC2 (f228af8f-8938-4836-9461-c6ca220ed7c5)	Tidal Software	1