SOFTWARE
Arp
at
cmd
Dok
FTP
Net
Orz
Reg
RTM
Tor
yty
SOFTWARE
1-9
A-B
Arp
at
C-D
cmd
Dok
E-F
FTP
G-H
I-J
K-L
M-N
Net
O-P
Orz
Q-R
Reg
RTM
S-T
Tor
U-V
W-X
Y-Z
yty
  1. Home
  2. Software
  3. CCBkdr

CCBkdr

CCBkdr is malware that was injected into a signed version of CCleaner and distributed from CCleaner's distribution website. [1] [2]

ID: S0222
Type: MALWARE
Platforms: Windows
Version: 1.1
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1483 Domain Generation Algorithms

CCBkdr can use a DGA for Fallback Channels if communications with the primary command and control server are lost.[1]
Enterprise T1195 Supply Chain Compromise

CCBkdr was added to a legitimate, signed version 5.33 of the CCleaner software and distributed on CCleaner's distribution site.[1][2][3]

References

  1. Brumaghin, E. et al. (2017, September 18). CCleanup: A Vast Number of Machines at Risk. Retrieved March 9, 2018.
  2. Rosenberg, J. (2017, September 20). Evidence Aurora Operation Still Active: Supply Chain Attack Through CCleaner. Retrieved February 13, 2018.
  1. Avast Threat Intelligence Team. (2018, March 8). New investigations into the CCleaner incident point to a possible third stage that had keylogger capacities. Retrieved March 15, 2018.