Kategorie: Trojan-Ransom
Diese Art von Trojaner ändert Daten auf dem Opfercomputer, sodass das Opfer die Daten nicht mehr verwenden kann, oder verhindert, dass der Computer ordnungsgemäß ausgeführt wird. Sobald die Daten "entführt" wurden (blockiert oder verschlüsselt), erhält der Benutzer eine Lösegeldforderung.Die Lösegeldforderung weist das Opfer an, dem böswilligen Benutzer Geld zu schicken; Nach Erhalt erhält der Cyberkriminelle ein Programm, mit dem das Opfer die Daten wiederherstellen oder die Leistung des Computers wiederherstellen kann.
Mehr Informationen
Plattform: Win32
Win32 ist eine API auf Windows NT-basierten Betriebssystemen (Windows XP, Windows 7 usw.), die die Ausführung von 32-Bit-Anwendungen unterstützt. Eine der am weitesten verbreiteten Programmierplattformen der Welt.Familie: Trojan-Ransom.Win32.Encoder
No family descriptionExamples
5E1EE832B06A3BBB65A17B2F33D4D302Tactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1070.007
Clear Network Connection History and Configurations
Adversaries may clear or remove evidence of malicious network connections in order to clean up traces of their operations. Configuration settings as well as various artifacts that highlight connection history may be created on a system and/or in application logs from behaviors that require network connections, such as Remote Services or External Remote Services. Defenders may use these artifacts to monitor or otherwise analyze network connections created by adversaries.
TA0006
Credential Access
The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.
T1552.008
Chat Messages
Adversaries may directly collect unsecured credentials stored or passed through user communication services. Credentials may be sent and stored in user chat communication applications such as email, chat services like Slack or Teams, collaboration tools like Jira or Trello, and any other services that support user communication. Users may share various forms of credentials (such as usernames and passwords, API keys, or authentication tokens) on private or public corporate internal communications channels.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.