WEBC2-BOLID (a601e1b0-c0bc-4665-9639-4dc5e588520c)
A WEBC2 backdoor is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags, and it attempts to interpret the data between those tags as commands. This family of malware is a backdoor capable of downloading files and updating its configuration. Communication with the command and control (C2) server uses a combination of single-byte XOR and Base64-encoded data wrapped in standard HTML tags. The malware family installs a registry key as a persistence mechanism.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| WEBC2-BOLID (a601e1b0-c0bc-4665-9639-4dc5e588520c) | Tool | WebC2-Bolid (71292a08-9a7b-4df1-b1fd-7d80a8fcc18f) | Malpedia | 1 |