Skip to content

S0222 CCBkdr

CCBkdr is malware that was injected into a signed version of CCleaner and distributed from CCleaner’s distribution website. 1 2

Item Value
ID S0222
Associated Names
Type MALWARE
Version 1.2
Created 18 April 2018
Last Modified 20 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1568 Dynamic Resolution -
enterprise T1568.002 Domain Generation Algorithms CCBkdr can use a DGA for Fallback Channels if communications with the primary command and control server are lost.1
enterprise T1195 Supply Chain Compromise -
enterprise T1195.002 Compromise Software Supply Chain CCBkdr was added to a legitimate, signed version 5.33 of the CCleaner software and distributed on CCleaner’s distribution site.123

References