CCBkdr is malware that was injected into a signed version of CCleaner and distributed from CCleaner's distribution website.[1][2]

ID: S0222
Platforms: Windows
Version: 1.2
Created: 18 April 2018
Last Modified: 20 March 2020

Techniques Used

Domain | ID | Name | Use
Enterprise | T1568.002 | Dynamic Resolution: Domain Generation Algorithms | CCBkdr can use a DGA for Fallback Channels if communications with the primary command and control server are lost.[1]
Enterprise | T1195.002 | Supply Chain Compromise: Compromise Software Supply Chain | CCBkdr was added to a legitimate, signed version 5.33 of the CCleaner software and distributed on CCleaner's distribution site.[1][2][3]