Classe: Trojan-FakeAV
Uma classe de programas maliciosos que simulam a atividade do software antivírus ou partes dos módulos de segurança do sistema operacional. Esses programas são projetados para extorquir dinheiro dos usuários em troca da suposta detecção e remoção de ameaças, que na verdade são inexistentes. De um modo geral, este malware mostra muitos pop-ups de repetição em um esforço para fazer com que o usuário se preocupe com a segurança de seu sistema e pague por softwares antivírus falsos. Além disso, os programas do Trojan-FakeAV impedem que o computador funcione corretamente, mas não inibem totalmente o sistema operacional para que o usuário acredite que a ameaça é credível.Plataforma: Win32
O Win32 é uma API em sistemas operacionais baseados no Windows NT (Windows XP, Windows 7, etc.) que oferece suporte à execução de aplicativos de 32 bits. Uma das plataformas de programação mais difundidas do mundo.Família: Trojan-FakeAV.Win32.Onescan
No family descriptionExamples
483E417775ED0A6668385A0BD9450AF13B917956F46CB09C0DD870EE119A781A
D5012DFE07ED5424BFBD28329E8ADAA8
08FDF5B2BE096CB4CEAAFE4698E6D19C
F091B18D096790DA47EA710547EBDD81
Tactics and Techniques: Mitre*
TA0011
Command and Control
The adversary is trying to communicate with compromised systems to control them.
Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.
Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.
T1071.001
Application Layer Protocol: Web Protocols
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Protocols such as HTTP/S(Citation: CrowdStrike Putter Panda) and WebSocket(Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic.
Protocols such as HTTP/S(Citation: CrowdStrike Putter Panda) and WebSocket(Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.