Trusted Design

WEBC2-RAVE (FAMILY)

概要

A WEBC2 backdoor is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags; the backdoor will attempt to interpret the data between the tags as commands. This family of malware will set itself up as a service and connect out to a hardcoded web page and read a modified base64 string from this webpage. The later versions of this malware supports three commands (earlier ones are just downloaders or reverse shells). The first commands will sleep the malware for N number of hours. The second command will download a binary from the encoded HTML comment and execute it on the infected host. The third will spawn an encoded reverse shell to an attacker specified location and port.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

WEBC2-UGX (FAMILY) (score: 0.89)
WEBC2-BOLID (FAMILY) (score: 0.85)
WEBC2-YAHOO (FAMILY) (score: 0.83)
WEBC2-AUSOV (FAMILY) (score: 0.83)
WEBC2-DIV (FAMILY) (score: 0.83)

このPulseに関連する脅威アクター (事実ベース)

CURIUM

Score: 3.53

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1059.012 - Hypervisor CLI

MITREへのリンク →

Dragonfly

Score: 5.02

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT28

Score: 8.61

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption

MITREへのリンク →

OilRig

Score: 15.17

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1048 - Exfiltration Over Alternative Protocol
T1218.010 - Regsvr32
T1592.002 - Software
T1556.005 - Reversible Encryption
T1556 - Modify Authentication Process

MITREへのリンク →

APT39

Score: 5.35

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1547.002 - Authentication Package
T1556.005 - Reversible Encryption

MITREへのリンク →

Mustang Panda

Score: 14.25

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1218.010 - Regsvr32
T1565.002 - Transmitted Data Manipulation
T1556.005 - Reversible Encryption
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

Threat Group-3390

Score: 6.21

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption

MITREへのリンク →

Tropic Trooper

Score: 4.45

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption

MITREへのリンク →

Ember Bear

Score: 3.26

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1218.010 - Regsvr32

MITREへのリンク →

Sandworm Team

Score: 6.84

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption

MITREへのリンク →

Tonto Team

Score: 3.26

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1218.010 - Regsvr32

MITREへのリンク →

Volt Typhoon

Score: 8.73

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1686.002 - Network Device Firewall
T1584.002 - DNS Server

MITREへのリンク →

APT38

Score: 12.70

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1048 - Exfiltration Over Alternative Protocol
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1059.005 - Visual Basic

MITREへのリンク →

APT29

Score: 16.87

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1218.010 - Regsvr32
T1218.009 - Regsvcs/Regasm
T1223 - Compiled HTML File
T1555.004 - Windows Credential Manager

MITREへのリンク →

Magic Hound

Score: 7.12

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption

MITREへのリンク →

APT32

Score: 8.96

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1556 - Modify Authentication Process

MITREへのリンク →

Leviathan

Score: 9.16

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1554 - Compromise Host Software Binary
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Sea Turtle

Score: 7.28

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1686.002 - Network Device Firewall
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption

MITREへのリンク →

Kimsuky

Score: 11.57

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1547.002 - Authentication Package
T1565.002 - Transmitted Data Manipulation
T1556.005 - Reversible Encryption
T1008 - Fallback Channels

MITREへのリンク →

FIN8

Score: 8.47

Matched TTPs:

T1027.017 - SVG Smuggling
T1556.005 - Reversible Encryption
T1556 - Modify Authentication Process

MITREへのリンク →

PROMETHIUM

Score: 5.90

Matched TTPs:

T1547.015 - Login Items
T1059.012 - Hypervisor CLI

MITREへのリンク →

UNC3886

Score: 8.46

Matched TTPs:

T1547.015 - Login Items
T1686.002 - Network Device Firewall
T1218.010 - Regsvr32

MITREへのリンク →

Gamaredon Group

Score: 7.72

Matched TTPs:

T1554 - Compromise Host Software Binary
T1547.002 - Authentication Package
T1556.005 - Reversible Encryption

MITREへのリンク →

Dark Caracal

Score: 6.39

Matched TTPs:

T1048 - Exfiltration Over Alternative Protocol
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption

MITREへのリンク →

Silence

Score: 3.44

Matched TTPs:

T1048 - Exfiltration Over Alternative Protocol

MITREへのリンク →

APT41

Score: 12.24

Matched TTPs:

T1048 - Exfiltration Over Alternative Protocol
T1686.002 - Network Device Firewall
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption
T1008 - Fallback Channels

MITREへのリンク →

TeamTNT

Score: 4.02

Matched TTPs:

T1686.002 - Network Device Firewall
T1556.005 - Reversible Encryption

MITREへのリンク →

Contagious Interview

Score: 8.51

Matched TTPs:

T1686.002 - Network Device Firewall
T1565.002 - Transmitted Data Manipulation
T1556 - Modify Authentication Process

MITREへのリンク →

Rocke

Score: 7.31

Matched TTPs:

T1686.002 - Network Device Firewall
T1556.005 - Reversible Encryption
T1008 - Fallback Channels

MITREへのリンク →

Scattered Spider

Score: 5.76

Matched TTPs:

T1686.002 - Network Device Firewall
T1565.002 - Transmitted Data Manipulation

MITREへのリンク →

APT37

Score: 6.84

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption

MITREへのリンク →

Lazarus Group

Score: 13.72

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1055.005 - Thread Local Storage
T1556 - Modify Authentication Process

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32

MITREへのリンク →

Turla

Score: 5.35

Matched TTPs:

T1547.002 - Authentication Package
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption

MITREへのリンク →

MuddyWater

Score: 5.08

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1556.005 - Reversible Encryption

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Patchwork

Score: 6.54

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Axiom

Score: 7.80

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1160 - Launch Daemon

MITREへのリンク →

BRONZE BUTLER

Score: 7.73

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1008 - Fallback Channels

MITREへのリンク →

Transparent Tribe

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI

MITREへのリンク →

APT33

Score: 5.43

Matched TTPs:

T1218.010 - Regsvr32
T1556.005 - Reversible Encryption
T1556 - Modify Authentication Process

MITREへのリンク →

SideCopy

Score: 4.13

Matched TTPs:

T1584.002 - DNS Server

MITREへのリンク →

Thrip

Score: 5.67

Matched TTPs:

T1565.002 - Transmitted Data Manipulation
T1556 - Modify Authentication Process

MITREへのリンク →

RTM

Score: 7.98

Matched TTPs:

T1565.002 - Transmitted Data Manipulation
T1059.012 - Hypervisor CLI
T1008 - Fallback Channels

MITREへのリンク →

Wizard Spider

Score: 3.93

Matched TTPs:

T1556.005 - Reversible Encryption
T1556 - Modify Authentication Process

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1130 - Install Root Certificate

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT29

Score: 0.76

Matched TTPs:

T1218.010 - Regsvr32
T1555.003 - Credentials from Web Browsers
T1223 - Compiled HTML File
T1555.004 - Windows Credential Manager
T1218.009 - Regsvcs/Regasm

MITREへのリンク →

OilRig

Score: 0.68

Matched TTPs:

T1218.010 - Regsvr32
T1555.003 - Credentials from Web Browsers
T1048 - Exfiltration Over Alternative Protocol
T1592.002 - Software
T1556.005 - Reversible Encryption
T1556 - Modify Authentication Process

MITREへのリンク →

Lazarus Group

Score: 0.64

Matched TTPs:

T1547.002 - Authentication Package
T1218.010 - Regsvr32
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1556 - Modify Authentication Process
T1055.005 - Thread Local Storage

MITREへのリンク →

Mustang Panda

Score: 0.63

Matched TTPs:

T1218.010 - Regsvr32
T1555.003 - Credentials from Web Browsers
T1556.005 - Reversible Encryption
T1565.002 - Transmitted Data Manipulation
T1556 - Modify Authentication Process
T1055.005 - Thread Local Storage

MITREへのリンク →

APT38

Score: 0.59

Matched TTPs:

T1555.003 - Credentials from Web Browsers
T1048 - Exfiltration Over Alternative Protocol
T1059.012 - Hypervisor CLI
T1556.005 - Reversible Encryption
T1059.005 - Visual Basic

MITREへのリンク →

APT41

Score: 0.58

Matched TTPs:

T1008 - Fallback Channels
T1218.010 - Regsvr32
T1048 - Exfiltration Over Alternative Protocol
T1686.002 - Network Device Firewall
T1556.005 - Reversible Encryption

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る