Skip to content

Hide Navigation Hide TOC

Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde)

Backspace is a Backdoor that targets the Windows platform. This malware is reportedly associated with targeted attacks against Association of Southeast Asian Nations (ASEAN) members (APT30).

Cluster A Galaxy A Cluster B Galaxy B Level
Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde) Tool backspace (23398248-a52a-4a7c-af10-262822d33a4e) Malpedia 1
Backspace (cd6c5f27-cf7e-4529-ae9c-ab5b85102bde) Tool BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 1
System Information Discovery - T1082 (354a7f88-63fb-41b5-a801-ce3b377b36f1) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 2
File and Directory Discovery - T1083 (7bc57495-ea59-4380-be31-a64af124ef18) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 2
Modify Registry - T1112 (57340c81-c025-4189-8fa0-fc7ede51bae4) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 2
Query Registry - T1012 (c32f7008-9fea-41f7-8366-5eb9b74bd896) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 2
Multi-Stage Channels - T1104 (84e02621-8fdf-470f-bd58-993bb6a89d91) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 2
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 2
Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 2
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 2
Process Discovery - T1057 (8f4a33ec-8b1f-4b80-a2f6-642b2e479580) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 2
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 2
Exfiltration Over C2 Channel - T1041 (92d7da27-2d91-488e-a00c-059dc162766d) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 2
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware 2
BACKSPACE - S0031 (fb261c56-b80e-43a9-8351-c84081e7213d) Malware Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 2
Shortcut Modification - T1547.009 (4ab929c6-ee2d-4fb5-aab4-b14be2ed7179) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Windows Command Shell - T1059.003 (d1fcf083-a721-4223-aedf-bf8960798d62) Attack Pattern Command and Scripting Interpreter - T1059 (7385dfaf-6886-4229-9ecd-6fd678040830) Attack Pattern 3
Proxy - T1090 (731f4f55-b6d0-41d1-a7a9-072a66389aea) Attack Pattern Internal Proxy - T1090.001 (f6dacc85-b37d-458e-b58d-74fc4bbf5755) Attack Pattern 3
Application Layer Protocol - T1071 (355be19c-ffc9-46d5-8d50-d6a036c675b6) Attack Pattern Web Protocols - T1071.001 (df8b2a25-8bdf-4856-953c-a04372b1c161) Attack Pattern 3
Disable or Modify System Firewall - T1562.004 (5372c5fe-f424-4def-bcd5-d3a8e770f07b) Attack Pattern Impair Defenses - T1562 (3d333250-30e4-4a82-9edc-756c68afc529) Attack Pattern 3
Registry Run Keys / Startup Folder - T1547.001 (9efb1ea7-c37b-4595-9640-b7680cd84279) Attack Pattern Boot or Logon Autostart Execution - T1547 (1ecb2399-e8ba-4f6b-8ba7-5c27d49405cf) Attack Pattern 3
Data Encoding - T1132 (cc7b8c4e-9be0-47ca-b0bb-83915ec3ee2f) Attack Pattern Non-Standard Encoding - T1132.002 (d467bc38-284b-4a00-96ac-125f447799fc) Attack Pattern 3