Class: Trojan-Ransom
This type of Trojan modifies data on the victim computer so that the victim can no longer use the data, or it prevents the computer from running correctly. Once the data has been “taken hostage” (blocked or encrypted), the user will receive a ransom demand. The ransom demand tells the victim to send the malicious user money; on receipt of this, the cyber criminal will send a program to the victim to restore the data or restore the computer’s performance.Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: Exploit.Script.Blocker
No family descriptionExamples
8C301310ECC25D28A23F9084F9FF92FC820CDB021A82EDBD73EEC143FECC475A
CC98D1446883207E550C9E6AC5A3E3E5
6F41AAE96B40028B39066BFDC2C25AB3
B4175D0C3052DD527801C7B8BA3AED06
Tactics and Techniques: Mitre*
TA0011
Command and Control
Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088 or port 587 as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
T1571
Non-Standard Port
Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088 or port 587 as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.