Kategorie: Trojan-Ransom
Diese Art von Trojaner ändert Daten auf dem Opfercomputer, sodass das Opfer die Daten nicht mehr verwenden kann, oder verhindert, dass der Computer ordnungsgemäß ausgeführt wird. Sobald die Daten "entführt" wurden (blockiert oder verschlüsselt), erhält der Benutzer eine Lösegeldforderung.Die Lösegeldforderung weist das Opfer an, dem böswilligen Benutzer Geld zu schicken; Nach Erhalt erhält der Cyberkriminelle ein Programm, mit dem das Opfer die Daten wiederherstellen oder die Leistung des Computers wiederherstellen kann.
Mehr Informationen
Plattform: Win32
Win32 ist eine API auf Windows NT-basierten Betriebssystemen (Windows XP, Windows 7 usw.), die die Ausführung von 32-Bit-Anwendungen unterstützt. Eine der am weitesten verbreiteten Programmierplattformen der Welt.Familie: Trojan-Ransom.Win32.Encoder
No family descriptionExamples
67257D49EBD89252CEA1B3A9A2C99412Tactics and Techniques: Mitre*
TA0004
Privilege Escalation
The adversary is trying to gain higher-level permissions. Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include: SYSTEM/root level, local administrator, user account with admin-like access, user accounts with access to specific system or perform specific function. These techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.
T1134
Access Token Manipulation
Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1070.001
Clear Windows Event Logs
Adversaries may clear Windows Event Logs to hide the activity of an intrusion. Windows Event Logs are a record of a computer's alerts and notifications. There are three system-defined sources of events: System, Application, and Security, with five event types: Error, Warning, Information, Success Audit, and Failure Audit.
T1134
Access Token Manipulation
Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
TA0040
Impact
The adversary is trying to manipulate, interrupt, or destroy your systems and data. Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries' goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach.
T1486
Data Encrypted for Impact
Adversaries may encrypt data on target systems or on large numbers of systems in a network to interrupt availability to system and network resources. They can attempt to render stored data inaccessible by encrypting files or data on local and remote drives and withholding access to a decryption key. This may be done in order to extract monetary compensation from a victim in exchange for decryption or a decryption key (ransomware) or to render data permanently inaccessible in cases where the key is not saved or transmitted.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.