WEBC2-ADSPACE (2d8043b4-48ef-4992-a04a-c342cbbb4f87)
A WEBC2 backdoor is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags; the backdoor will attempt to interpret the data between the tags as commands. This family of malware is capable of downloading and executing a file. All variants represented here are the same file with different MD5 signatures. This malware attempts to contact its C2 once a week (Thursday at 10:00 AM). It looks for commands inside a set of HTML tags, part of which are in the File Strings indicator term below.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| WEBC2-ADSPACE (2d8043b4-48ef-4992-a04a-c342cbbb4f87) | Tool | WebC2-AdSpace (e57c677f-0117-4e23-8c3f-a772ed809f4c) | Malpedia | 1 |