1. Home
  2. Software
  3. CCBkdr

CCBkdr

CCBkdr is malware that was injected into a signed version of CCleaner and distributed from CCleaner's distribution website. [1] [2]

ID: S0222
Type: MALWARE
Platforms: Windows
Version: 1.2
Created: 18 April 2018
Last Modified: 25 April 2025
Version Permalink
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1568 .002 Dynamic Resolution: Domain Generation Algorithms

CCBkdr can use a DGA for Fallback Channels if communications with the primary command and control server are lost.[1]
Enterprise T1195 .002 Supply Chain Compromise: Compromise Software Supply Chain

CCBkdr was added to a legitimate, signed version 5.33 of the CCleaner software and distributed on CCleaner's distribution site.[1][2][3]

References

  1. Brumaghin, E. et al. (2017, September 18). CCleanup: A Vast Number of Machines at Risk. Retrieved March 9, 2018.
  2. Rosenberg, J. (2017, September 20). Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner. Retrieved February 13, 2018.
  1. Avast Threat Intelligence Team. (2018, March 8). New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities. Retrieved March 15, 2018.