Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 17:45:06 UTC
Home > List all groups > List all tools > List all groups using tool httpclient
 Tool: httpclient
Names httpclient
Category Malware
Type Backdoor, Downloader
Description
(CrowdStrike) simple tool that provides a limited range of functionality and uses HTTP
for its C2 channel. This malware also initially performs a connectivity check to
www.microsoft.com using the hard-coded user agent Mozilla/4.0 (Compatible; MsIE
6.0;), although in this variant no attempt is made to extract proxy credentials. The
malware will then connect to its configured C2 infrastructure (file.anyoffice.info) and
perform a HTTP request.
Information
MITRE ATT&CK Last change to this tool card: 22 April 2020
Download this tool card in JSON format
All groups using tool httpclient
Changed Name Country Observed
APT groups
 Putter Panda, APT 2 2007
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f53a60a0-7988-4ef0-9493-3d22909f6638
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=f53a60a0-7988-4ef0-9493-3d22909f6638
Page 1 of 1