Software: WEBC2

From enterprise
Jump to: navigation, search
WEBC2
Software
ID S0109
Aliases WEBC2
Type Malware

WEBC2 is a backdoor used by APT1 to retrieve a Web page from a predetermined C2 server.1

Techniques Used

  • DLL Search Order Hijacking - Variants of WEBC2 achieve persistence by using DLL search order hijacking, usually by copying the DLL file to %SYSTEMROOT% (C:\WINDOWS\ntshrui.dll).1

Groups

The following groups use this software: