Check out the results from our first round of ATT&CK Evaluations at attackevals.mitre.org!

WEBC2

WEBC2 is a backdoor used by APT1 to retrieve a Web page from a predetermined C2 server. [1]

ID: S0109
Aliases: WEBC2
Type: MALWARE
Platforms: Windows

Version: 1.0

Techniques Used

DomainIDNameUse
EnterpriseT1038DLL Search Order HijackingVariants of WEBC2 achieve persistence by using DLL search order hijacking, usually by copying the DLL file to %SYSTEMROOT% (C:\WINDOWS\ntshrui.dll).[1]

Groups

Groups that use this software:

APT1

References