

CCBkdr is malware that was injected into a signed version of CCleaner and distributed from CCleaner's distribution website. [1] [2]

ID: S0222
Platforms: Windows
Version: 1.1
Created: 18 April 2018
Last Modified: 24 April 2019

Techniques Used

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1483 | Domain Generation Algorithms | CCBkdr can use a DGA for Fallback Channels if communications with the primary command and control server are lost.[1] |
| Enterprise | T1195 | Supply Chain Compromise | CCBkdr was added to a legitimate, signed version 5.33 of the CCleaner software and distributed on CCleaner's distribution site.[1][2][3] |