
Threat Group Cards: A Threat Actor Encyclopedia

Tool: WARP

Type: Reconnaissance, Backdoor
Description: The WARP malware family is an HTTP-based backdoor written in C++, and the majority of its code base is borrowed from source code available in the public domain. Network communications are implemented using the same WWW client library (w3c.cpp) available from The malware has system survey functionality (collects hostname, current user, system uptime, CPU speed, etc.) taken directly from the BO2K backdoor available from It also contains the hard disk identification code found at When WARP executes remote commands, the malware creates a copy of the '%SYSTEMROOT%\system32\cmd.exe' file as '%USERPROFILE%\Temp\~ISUN32.EXE'. The version signature information of the duplicate executable is zeroed out. Some WARP variants maintain persistence through the use of DLL search order hijacking.

Last change to this tool card: 20 April 2020


All groups using tool WARP


APT groups

Comment Crew, APT 1 | China | 2006-May 2018 | X

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
