Threat Group Cards: A Threat Actor Encyclopedia Archived: 2026-04-05 20:14:02 UTC Home > List all groups > List all tools > List all groups using tool WebC2 Tool: WebC2 Names WebC2 WebC2-AdSpace WebC2-Ausov WebC2-Bolid WebC2-Cson WebC2-DIV WebC2-GreenCat WebC2-Head WebC2-Kt3 WebC2-Qbp WebC2-Rave WebC2-Table WebC2-UGX WebC2-Yahoo Category Malware Type Backdoor, Downloader Description A WEBC2 backdoor is designed to retrieve a Web page from a pre-determined C2 server. It expects the Web page to contain special HTML tags; the backdoor will attempt to interpret the data between the tags as commands. This family of malware is capable of downloading and executing a file. All variants represented here are the same file with different MD5 signatures. This malware attempts to contact its C2 once a week (Thursday at 10:00 AM). It looks for commands inside a set of HTML tags, part of which are in the File Strings indicator term below. Information MITRE ATT&CK Malpedia https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a1e54b72-3eed-49ae-852c-9621bdde6be3 Page 1 of 2 Last change to this tool card: 23 April 2020 Download this tool card in JSON format All groups using tool WebC2 Changed Name Country Observed APT groups   Comment Crew, APT 1 2006-May 2018 1 group listed (1 APT, 0 other, 0 unknown) Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a1e54b72-3eed-49ae-852c-9621bdde6be3 https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=a1e54b72-3eed-49ae-852c-9621bdde6be3 Page 2 of 2