CCBkdr

CCBkdr is malware that was injected into a signed version of CCleaner and distributed from CCleaner's distribution website. [1] [2]

ID: S0222
Type: MALWARE
Platforms: Windows
Version: 1.1

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| Enterprise | T1483 | Domain Generation Algorithms | CCBkdr can use a DGA for Fallback Channels if communications with the primary command and control server are lost. [1] |
| Enterprise | T1195 | Supply Chain Compromise | CCBkdr was added to a legitimate, signed version 5.33 of the CCleaner software and distributed on CCleaner's distribution site. [1] [2] [3] |

References