WEBC2-HEAD (4ef97a7e-5686-44cb-ad91-7a393f32f39b)
The WEBC2 malware family is designed to retrieve a web page from a pre-determined C2 server. It expects the page to contain special HTML tags; the backdoor attempts to interpret the data between those tags as commands. The WEBC2-HEAD variant communicates over HTTPS, using the system's SSL implementation to encrypt all traffic to the C2 server, so neither the request nor the tagged command content is visible on the wire without TLS inspection or host-side capture. WEBC2-HEAD first issues an HTTP GET to the host, sending a Base64-encoded string containing the name of the compromised machine running the malware.
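Two hunting helpers for the behaviour described above, written here as an added example (this is not code from the page, from the MISP galaxy, or from the WEBC2 sample itself). The marker pair `CMD_START`/`CMD_END`, the embedded command text, the machine name and the access-log lines are all constructed assumptions: the page does not give the real tag names WEBC2-HEAD looks for, so the extractor is parameterised on them. The first function pulls whatever sits between a marker pair out of a fetched page; the second scans proxy-style log lines for GET requests whose last path segment is strict Base64 that decodes to a hostname-like string, which is the beacon shape the page describes.

```python
"""WEBC2-style beacon hunting helpers (added example; all names and data are assumed)."""
import base64
import binascii
import re
from typing import List, Optional, Tuple
from urllib.parse import unquote

# ASSUMPTION: a placeholder marker pair. WEBC2 variants key on specific HTML tags,
# but the pair used by WEBC2-HEAD is not stated on this page.
CMD_START = "<!--cmd:"
CMD_END = ":cmd-->"


def extract_embedded_commands(page: str, start: str = CMD_START, end: str = CMD_END) -> List[str]:
    """Return the text found between each start/end marker pair, in page order.

    Non-greedy match with DOTALL so a command may span lines; nested or unterminated
    markers are simply not matched.
    """
    pattern = re.compile(re.escape(start) + r"(.*?)" + re.escape(end), re.DOTALL)
    return [m.group(1).strip() for m in pattern.finditer(page)]


# Heuristic for "looks like a machine name": alphanumerics, dots and hyphens only.
_HOSTNAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9.-]{0,253}$")


def decode_hostname_beacon(segment: str) -> Optional[str]:
    """Strictly Base64-decode a URL path segment; return it only if it looks like a hostname.

    validate=True rejects anything outside the Base64 alphabet, so ordinary paths
    such as 'index.html' fail fast instead of decoding to garbage.
    """
    try:
        raw = base64.b64decode(unquote(segment), validate=True)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return text if _HOSTNAME_RE.match(text) else None


# Matches the request portion of a CLF/proxy log line; the query string, if any, is ignored.
_GET_RE = re.compile(r'"GET /([^ "?]*)(?:\?[^ "]*)? HTTP/1\.[01]"')


def find_beacon_candidates(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, decoded_hostname) for each GET whose last path segment
    Base64-decodes to a hostname-like string."""
    hits: List[Tuple[str, str]] = []
    for line in log_lines:
        m = _GET_RE.search(line)
        if not m:
            continue
        segment = m.group(1).rsplit("/", 1)[-1]
        host = decode_hostname_beacon(segment)
        if host is not None:
            hits.append((line.split()[0], host))
    return hits


# --- Constructed sample data (not captured from any real incident) ---
SAMPLE_PAGE = """<html><body>
<p>Welcome to our site.</p>
<!--cmd:sleep 3600:cmd-->
<p>Contact us.</p>
</body></html>"""

# Assumed machine name; base64("WKS-PC01") == "V0tTLVBDMDE="
_BEACON = base64.b64encode(b"WKS-PC01").decode("ascii")

SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2013:08:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120',
    f'10.0.0.7 - - [12/Mar/2013:08:14:09 +0000] "GET /{_BEACON} HTTP/1.1" 200 311',
    '10.0.0.9 - - [12/Mar/2013:08:15:33 +0000] "GET /images/logo.png HTTP/1.1" 200 9043',
]

if __name__ == "__main__":
    print("embedded commands:", extract_embedded_commands(SAMPLE_PAGE))
    print("beacon candidates:", find_beacon_candidates(SAMPLE_LOG))
```

Because WEBC2-HEAD wraps everything in TLS, these helpers only see useful input from a TLS-inspecting proxy's decrypted logs or from host-side telemetry; plain network captures will show neither the Base64 path nor the tagged page body. The hostname check is deliberately loose (any short printable token passes), so treat hits as leads to pivot on, not as verdicts.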
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
WebC2-Head (f9f37707-36cf-4ad0-88e0-86f47cbe0ed6) | Malpedia | WEBC2-HEAD (4ef97a7e-5686-44cb-ad91-7a393f32f39b) | Tool | 1 |