BUBBLEWRAP

BUBBLEWRAP is a full-featured, second-stage backdoor used by the admin@338 group. It is set to run when the system boots and includes functionality to check, upload, and register plug-ins that can further enhance its capabilities. [1]

ID: S0043
Aliases: BUBBLEWRAP, Backdoor.APT.FakeWinHTTPHelper
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1071 | Standard Application Layer Protocol | BUBBLEWRAP can communicate using HTTP or HTTPS.[1] |
| Enterprise | T1095 | Standard Non-Application Layer Protocol | BUBBLEWRAP can communicate using SOCKS.[1] |
| Enterprise | T1082 | System Information Discovery | BUBBLEWRAP collects system information, including the operating system version and hostname.[1] |

Groups

Groups that use this software:

admin@338

References