Trusted Design

WEBC2-RAVE (FAMILY)

概要

A WEBC2 backdoor is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags; the backdoor will attempt to interpret the data between the tags as commands. This family of malware will set itself up as a service and connect out to a hardcoded web page and read a modified base64 string from this webpage. The later versions of this malware supports three commands (earlier ones are just downloaders or reverse shells). The first commands will sleep the malware for N number of hours. The second command will download a binary from the encoded HTML comment and execute it on the infected host. The third will spawn an encoded reverse shell to an attacker specified location and port.

Created: 2026-02-23

Indicators

Indicatorsは見つかっていない。

類似Pulses

WEBC2-UGX (FAMILY) (score: 0.89)
WEBC2-BOLID (FAMILY) (score: 0.85)
WEBC2-YAHOO (FAMILY) (score: 0.83)
WEBC2-AUSOV (FAMILY) (score: 0.83)
WEBC2-DIV (FAMILY) (score: 0.83)

このPulseに関連する脅威アクター (事実ベース)

CURIUM

Score: 3.53

Matched TTPs:

T1505.003 - Web Shell
T1189 - Drive-by Compromise

MITREへのリンク →

Dragonfly

Score: 5.02

Matched TTPs:

T1505.003 - Web Shell
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT28

Score: 8.61

Matched TTPs:

T1505.003 - Web Shell
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

OilRig

Score: 15.17

Matched TTPs:

T1505.003 - Web Shell
T1218.001 - Compiled HTML File
T1203 - Exploitation for Client Execution
T1137.004 - Outlook Home Page
T1071.001 - Web Protocols
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT39

Score: 5.35

Matched TTPs:

T1505.003 - Web Shell
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols

MITREへのリンク →

Mustang Panda

Score: 14.25

Matched TTPs:

T1505.003 - Web Shell
T1203 - Exploitation for Client Execution
T1219.002 - Remote Desktop Software
T1071.001 - Web Protocols
T1027.007 - Dynamic API Resolution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Threat Group-3390

Score: 6.21

Matched TTPs:

T1505.003 - Web Shell
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

Tropic Trooper

Score: 4.45

Matched TTPs:

T1505.003 - Web Shell
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

Ember Bear

Score: 3.26

Matched TTPs:

T1505.003 - Web Shell
T1203 - Exploitation for Client Execution

MITREへのリンク →

Sandworm Team

Score: 6.84

Matched TTPs:

T1505.003 - Web Shell
T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

Tonto Team

Score: 3.26

Matched TTPs:

T1505.003 - Web Shell
T1203 - Exploitation for Client Execution

MITREへのリンク →

Volt Typhoon

Score: 8.73

Matched TTPs:

T1505.003 - Web Shell
T1059.004 - Unix Shell
T1614 - System Location Discovery

MITREへのリンク →

APT38

Score: 12.70

Matched TTPs:

T1505.003 - Web Shell
T1218.001 - Compiled HTML File
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1036.006 - Space after Filename

MITREへのリンク →

APT29

Score: 16.87

Matched TTPs:

T1505.003 - Web Shell
T1203 - Exploitation for Client Execution
T1090.004 - Domain Fronting
T1027.006 - HTML Smuggling
T1651 - Cloud Administration Command

MITREへのリンク →

Magic Hound

Score: 7.12

Matched TTPs:

T1505.003 - Web Shell
T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

APT32

Score: 8.96

Matched TTPs:

T1505.003 - Web Shell
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Leviathan

Score: 9.16

Matched TTPs:

T1505.003 - Web Shell
T1102.003 - One-Way Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Sea Turtle

Score: 7.28

Matched TTPs:

T1505.003 - Web Shell
T1059.004 - Unix Shell
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

Kimsuky

Score: 11.57

Matched TTPs:

T1505.003 - Web Shell
T1102.002 - Bidirectional Communication
T1219.002 - Remote Desktop Software
T1071.001 - Web Protocols
T1102.001 - Dead Drop Resolver

MITREへのリンク →

FIN8

Score: 8.47

Matched TTPs:

T1055.004 - Asynchronous Procedure Call
T1071.001 - Web Protocols
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

PROMETHIUM

Score: 5.90

Matched TTPs:

T1205.001 - Port Knocking
T1189 - Drive-by Compromise

MITREへのリンク →

UNC3886

Score: 8.46

Matched TTPs:

T1205.001 - Port Knocking
T1059.004 - Unix Shell
T1203 - Exploitation for Client Execution

MITREへのリンク →

Gamaredon Group

Score: 7.72

Matched TTPs:

T1102.003 - One-Way Communication
T1102.002 - Bidirectional Communication
T1071.001 - Web Protocols

MITREへのリンク →

Dark Caracal

Score: 6.39

Matched TTPs:

T1218.001 - Compiled HTML File
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

Silence

Score: 3.44

Matched TTPs:

T1218.001 - Compiled HTML File

MITREへのリンク →

APT41

Score: 12.24

Matched TTPs:

T1218.001 - Compiled HTML File
T1059.004 - Unix Shell
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols
T1102.001 - Dead Drop Resolver

MITREへのリンク →

TeamTNT

Score: 4.02

Matched TTPs:

T1059.004 - Unix Shell
T1071.001 - Web Protocols

MITREへのリンク →

Contagious Interview

Score: 8.51

Matched TTPs:

T1059.004 - Unix Shell
T1219.002 - Remote Desktop Software
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Rocke

Score: 7.31

Matched TTPs:

T1059.004 - Unix Shell
T1071.001 - Web Protocols
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Scattered Spider

Score: 5.76

Matched TTPs:

T1059.004 - Unix Shell
T1219.002 - Remote Desktop Software

MITREへのリンク →

APT37

Score: 6.84

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

Lazarus Group

Score: 13.72

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1027.007 - Dynamic API Resolution
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

APT12

Score: 3.89

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution

MITREへのリンク →

Turla

Score: 5.35

Matched TTPs:

T1102.002 - Bidirectional Communication
T1189 - Drive-by Compromise
T1071.001 - Web Protocols

MITREへのリンク →

MuddyWater

Score: 5.08

Matched TTPs:

T1102.002 - Bidirectional Communication
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols

MITREへのリンク →

Andariel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Patchwork

Score: 6.54

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Axiom

Score: 7.80

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1001.002 - Steganography

MITREへのリンク →

BRONZE BUTLER

Score: 7.73

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Transparent Tribe

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Elderwood

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

Darkhotel

Score: 3.26

Matched TTPs:

T1203 - Exploitation for Client Execution
T1189 - Drive-by Compromise

MITREへのリンク →

APT33

Score: 5.43

Matched TTPs:

T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

SideCopy

Score: 4.13

Matched TTPs:

T1614 - System Location Discovery

MITREへのリンク →

Thrip

Score: 5.67

Matched TTPs:

T1219.002 - Remote Desktop Software
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

RTM

Score: 7.98

Matched TTPs:

T1219.002 - Remote Desktop Software
T1189 - Drive-by Compromise
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Wizard Spider

Score: 3.93

Matched TTPs:

T1071.001 - Web Protocols
T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol

MITREへのリンク →

Equation

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

Strider

Score: 4.13

Matched TTPs:

T1564.005 - Hidden File System

MITREへのリンク →

このPulseに関連する脅威アクター (推論ベース)

APT29

Score: 0.76

Matched TTPs:

T1203 - Exploitation for Client Execution
T1027.006 - HTML Smuggling
T1505.003 - Web Shell
T1090.004 - Domain Fronting
T1651 - Cloud Administration Command

MITREへのリンク →

OilRig

Score: 0.68

Matched TTPs:

T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols
T1505.003 - Web Shell
T1137.004 - Outlook Home Page
T1218.001 - Compiled HTML File

MITREへのリンク →

Lazarus Group

Score: 0.64

Matched TTPs:

T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1189 - Drive-by Compromise
T1071.001 - Web Protocols
T1102.002 - Bidirectional Communication

MITREへのリンク →

Mustang Panda

Score: 0.63

Matched TTPs:

T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol
T1203 - Exploitation for Client Execution
T1027.007 - Dynamic API Resolution
T1071.001 - Web Protocols
T1505.003 - Web Shell
T1219.002 - Remote Desktop Software

MITREへのリンク →

APT38

Score: 0.59

Matched TTPs:

T1071.001 - Web Protocols
T1189 - Drive-by Compromise
T1505.003 - Web Shell
T1218.001 - Compiled HTML File
T1036.006 - Space after Filename

MITREへのリンク →

APT41

Score: 0.58

Matched TTPs:

T1203 - Exploitation for Client Execution
T1071.001 - Web Protocols
T1059.004 - Unix Shell
T1218.001 - Compiled HTML File
T1102.001 - Dead Drop Resolver

MITREへのリンク →

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクターグラフ

← Pulse一覧に戻る