ccf32
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[ccf32](https://attack.mitre.org/software/S1043) is data collection malware that has been used since at least February 2019, most notably during the [FunnyDream](https://attack.mitre.org/campaigns/C0007) campaign; there is also a similar x64 version.(Citation: Bitdefender FunnyDream Campaign November 2020)
Associated Techniques (12)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1048.003 | Exfiltration Over Unencrypted Non-C2 Protocol | - |
| T1053.005 | Scheduled Task | - |
| T1059.003 | Windows Command Shell | - |
| T1070.004 | File Deletion | - |
| T1074.001 | Local Data Staging | - |
| T1074.002 | Remote Data Staging | - |
| T1083 | File and Directory Discovery | - |
| T1119 | Automated Collection | - |
| T1124 | System Time Discovery | - |
| T1560.001 | Archive via Utility | - |
| T1564.001 | Hidden Files and Directories | - |
Metadata
| ID: | 461 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |