Trusted Design

WEBC2-CSON (FAMILY)

Overview

A WEBC2 backdoor is designed to retrieve a Web page from a pre-determined C2 server. It expects the page to contain special HTML tags and attempts to interpret the data between those tags as commands. Members of this family act only as downloaders and droppers for other malware. They communicate with a hard-coded C2 server and read their commands from HTML comment fields, so the tasking channel looks like an ordinary page fetch over HTTP. Some variants are standalone executables that act upon execution; others are DLLs that can be attached to services or loaded through DLL search-order hijacking.

Created: 2026-02-23

Indicators

No indicators have been found.

Similar Pulses

Threat actors related to this Pulse (fact-based)

Each entry gives the actor, the platform's match score, and the matched MITRE ATT&CK techniques.

CURIUM (score 3.53): T1505.003 Web Shell; T1189 Drive-by Compromise
Dragonfly (score 5.02): T1505.003 Web Shell; T1203 Exploitation for Client Execution; T1189 Drive-by Compromise
APT28 (score 8.61): T1505.003 Web Shell; T1102.002 Bidirectional Communication; T1203 Exploitation for Client Execution; T1189 Drive-by Compromise; T1071.001 Web Protocols
OilRig (score 15.17): T1505.003 Web Shell; T1218.001 Compiled HTML File; T1203 Exploitation for Client Execution; T1137.004 Outlook Home Page; T1071.001 Web Protocols; T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
APT39 (score 7.40): T1505.003 Web Shell; T1102.002 Bidirectional Communication; T1027.002 Software Packing; T1071.001 Web Protocols
Mustang Panda (score 16.19): T1505.003 Web Shell; T1102 Web Service; T1218.005 Mshta; T1203 Exploitation for Client Execution; T1071.001 Web Protocols; T1027.007 Dynamic API Resolution; T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
GALLIUM (score 3.82): T1505.003 Web Shell; T1027.002 Software Packing
Threat Group-3390 (score 8.27): T1505.003 Web Shell; T1203 Exploitation for Client Execution; T1189 Drive-by Compromise; T1027.002 Software Packing; T1071.001 Web Protocols
Tropic Trooper (score 4.45): T1505.003 Web Shell; T1203 Exploitation for Client Execution; T1071.001 Web Protocols
Ember Bear (score 3.26): T1505.003 Web Shell; T1203 Exploitation for Client Execution
Sandworm Team (score 6.84): T1505.003 Web Shell; T1102.002 Bidirectional Communication; T1203 Exploitation for Client Execution; T1071.001 Web Protocols
Fox Kitten (score 4.29): T1505.003 Web Shell; T1102 Web Service
Tonto Team (score 3.26): T1505.003 Web Shell; T1203 Exploitation for Client Execution
Volt Typhoon (score 7.95): T1505.003 Web Shell; T1614 System Location Discovery; T1027.002 Software Packing
APT38 (score 17.09): T1505.003 Web Shell; T1218.005 Mshta; T1218.001 Compiled HTML File; T1189 Drive-by Compromise; T1027.002 Software Packing; T1071.001 Web Protocols; T1036.006 Space after Filename
APT29 (score 12.19): T1505.003 Web Shell; T1218.005 Mshta; T1203 Exploitation for Client Execution; T1027.006 HTML Smuggling; T1027.002 Software Packing
Magic Hound (score 7.12): T1505.003 Web Shell; T1102.002 Bidirectional Communication; T1189 Drive-by Compromise; T1071.001 Web Protocols
BlackByte (score 6.80): T1505.003 Web Shell; T1480 Execution Guardrails; T1071.001 Web Protocols
APT32 (score 13.82): T1505.003 Web Shell; T1102 Web Service; T1218.005 Mshta; T1203 Exploitation for Client Execution; T1189 Drive-by Compromise; T1071.001 Web Protocols; T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
Medusa Group (score 5.01): T1505.003 Web Shell; T1027.002 Software Packing; T1071.001 Web Protocols
Leviathan (score 9.16): T1505.003 Web Shell; T1102.003 One-Way Communication; T1203 Exploitation for Client Execution; T1189 Drive-by Compromise
Sea Turtle (score 4.45): T1505.003 Web Shell; T1203 Exploitation for Client Execution; T1071.001 Web Protocols
Kimsuky (score 13.03): T1505.003 Web Shell; T1218.005 Mshta; T1102.002 Bidirectional Communication; T1027.002 Software Packing; T1071.001 Web Protocols; T1102.001 Dead Drop Resolver
RedCurl (score 3.71): T1102 Web Service; T1071.001 Web Protocols
Inception (score 7.55): T1102 Web Service; T1218.005 Mshta; T1203 Exploitation for Client Execution; T1071.001 Web Protocols
Rocke (score 9.05): T1102 Web Service; T1027.002 Software Packing; T1071.001 Web Protocols; T1102.001 Dead Drop Resolver
FIN6 (score 5.27): T1102 Web Service; T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
LazyScripter (score 4.86): T1102 Web Service; T1218.005 Mshta
FIN8 (score 6.46): T1102 Web Service; T1071.001 Web Protocols; T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
EXOTIC LILY (score 4.02): T1102 Web Service; T1203 Exploitation for Client Execution
APT42 (score 3.71): T1102 Web Service; T1071.001 Web Protocols
Turla (score 7.87): T1102 Web Service; T1102.002 Bidirectional Communication; T1189 Drive-by Compromise; T1071.001 Web Protocols
Gamaredon Group (score 16.43): T1102 Web Service; T1218.005 Mshta; T1480 Execution Guardrails; T1102.003 One-Way Communication; T1102.002 Bidirectional Communication; T1071.001 Web Protocols
TeamTNT (score 5.76): T1102 Web Service; T1027.002 Software Packing; T1071.001 Web Protocols
Sidewinder (score 5.02): T1218.005 Mshta; T1203 Exploitation for Client Execution; T1071.001 Web Protocols
Lazarus Group (score 16.06): T1218.005 Mshta; T1102.002 Bidirectional Communication; T1203 Exploitation for Client Execution; T1189 Drive-by Compromise; T1071.001 Web Protocols; T1027.007 Dynamic API Resolution; T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
MuddyWater (score 7.42): T1218.005 Mshta; T1102.002 Bidirectional Communication; T1203 Exploitation for Client Execution; T1071.001 Web Protocols
TA2541 (score 4.39): T1218.005 Mshta; T1027.002 Software Packing
FIN7 (score 4.74): T1218.005 Mshta; T1102.002 Bidirectional Communication
Earth Lusca (score 4.11): T1218.005 Mshta; T1189 Drive-by Compromise
Confucius (score 5.02): T1218.005 Mshta; T1203 Exploitation for Client Execution; T1071.001 Web Protocols
TA551 (score 3.53): T1218.005 Mshta; T1071.001 Web Protocols
SideCopy (score 6.47): T1218.005 Mshta; T1614 System Location Discovery
Contagious Interview (score 6.59): T1480 Execution Guardrails; T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
Dark Caracal (score 8.45): T1218.001 Compiled HTML File; T1189 Drive-by Compromise; T1027.002 Software Packing; T1071.001 Web Protocols
Silence (score 3.44): T1218.001 Compiled HTML File
APT41 (score 11.46): T1218.001 Compiled HTML File; T1203 Exploitation for Client Execution; T1027.002 Software Packing; T1071.001 Web Protocols; T1102.001 Dead Drop Resolver
APT37 (score 6.84): T1102.002 Bidirectional Communication; T1203 Exploitation for Client Execution; T1189 Drive-by Compromise; T1071.001 Web Protocols
APT12 (score 3.89): T1102.002 Bidirectional Communication; T1203 Exploitation for Client Execution
ZIRCONIUM (score 4.45): T1102.002 Bidirectional Communication; T1027.002 Software Packing
Saint Bear (score 3.55): T1203 Exploitation for Client Execution; T1027.002 Software Packing
Andariel (score 3.26): T1203 Exploitation for Client Execution; T1189 Drive-by Compromise
The White Company (score 3.55): T1203 Exploitation for Client Execution; T1027.002 Software Packing
Patchwork (score 8.60): T1203 Exploitation for Client Execution; T1189 Drive-by Compromise; T1027.002 Software Packing; T1102.001 Dead Drop Resolver
Axiom (score 7.80): T1203 Exploitation for Client Execution; T1189 Drive-by Compromise; T1001.002 Steganography
APT3 (score 3.55): T1203 Exploitation for Client Execution; T1027.002 Software Packing
BRONZE BUTLER (score 7.73): T1203 Exploitation for Client Execution; T1189 Drive-by Compromise; T1071.001 Web Protocols; T1102.001 Dead Drop Resolver
Transparent Tribe (score 3.26): T1203 Exploitation for Client Execution; T1189 Drive-by Compromise
Aoqin Dragon (score 3.55): T1203 Exploitation for Client Execution; T1027.002 Software Packing
Elderwood (score 5.31): T1203 Exploitation for Client Execution; T1189 Drive-by Compromise; T1027.002 Software Packing
Darkhotel (score 3.26): T1203 Exploitation for Client Execution; T1189 Drive-by Compromise
APT33 (score 5.43): T1203 Exploitation for Client Execution; T1071.001 Web Protocols; T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
RTM (score 5.05): T1189 Drive-by Compromise; T1102.001 Dead Drop Resolver
Mustard Tempest (score 6.30): T1189 Drive-by Compromise; T1608.006 SEO Poisoning
TA505 (score 3.24): T1027.002 Software Packing; T1071.001 Web Protocols
Wizard Spider (score 3.93): T1071.001 Web Protocols; T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol
Equation (score 4.13): T1564.005 Hidden File System
Strider (score 4.13): T1564.005 Hidden File System

Threat actors related to this Pulse (inference-based)

Same layout as the fact-based list above: actor, inference score, matched MITRE ATT&CK techniques.

APT38 (score 0.74): T1189 Drive-by Compromise; T1218.005 Mshta; T1027.002 Software Packing; T1218.001 Compiled HTML File; T1505.003 Web Shell; T1071.001 Web Protocols; T1036.006 Space after Filename
Lazarus Group (score 0.73): T1027.007 Dynamic API Resolution; T1189 Drive-by Compromise; T1218.005 Mshta; T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol; T1203 Exploitation for Client Execution; T1102.002 Bidirectional Communication; T1071.001 Web Protocols
Gamaredon Group (score 0.72): T1102 Web Service; T1218.005 Mshta; T1480 Execution Guardrails; T1102.002 Bidirectional Communication; T1102.003 One-Way Communication; T1071.001 Web Protocols
Mustang Panda (score 0.71): T1027.007 Dynamic API Resolution; T1102 Web Service; T1218.005 Mshta; T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol; T1203 Exploitation for Client Execution; T1505.003 Web Shell; T1071.001 Web Protocols
OilRig (score 0.68): T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol; T1203 Exploitation for Client Execution; T1137.004 Outlook Home Page; T1218.001 Compiled HTML File; T1505.003 Web Shell; T1071.001 Web Protocols
APT32 (score 0.65): T1189 Drive-by Compromise; T1102 Web Service; T1218.005 Mshta; T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol; T1203 Exploitation for Client Execution; T1505.003 Web Shell; T1071.001 Web Protocols
Kimsuky (score 0.58): T1218.005 Mshta; T1027.002 Software Packing; T1505.003 Web Shell; T1102.002 Bidirectional Communication; T1071.001 Web Protocols; T1102.001 Dead Drop Resolver

Related CVEs

No CVEs were found in this Pulse.
