WEBC2-QBP (84f3bacf-abd5-445e-a98a-5b02f1eaac92)
The WEBC2 malware family is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags; the backdoor will attempt to interpret the data between the tags as commands. The WEBC2-QBP variant will search for two strings in an HTML comment. The first will be "2010QBP " followed by " 2010QBP//--". Inside these tags will be a DES-encrypted string.
Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
---|---|---|---|---|
WebC2-Qbp (71d8ef43-3767-494b-afaa-f58aad70df65) | Malpedia | WEBC2-QBP (84f3bacf-abd5-445e-a98a-5b02f1eaac92) | Tool | 1 |