
Trojan-Ransom.Win32.Crypmodadv.vho

Class: Trojan-Ransom
Platform: Win32
Family: Crypmodadv
Full name: HEUR:Trojan-Ransom.Win32.Crypmodadv.vho
Examples (MD5):
  8CB8495A8C252927920BF75871055665
  A86D5177C4DB6AF289406252194EF78F
  C8586AFBF096E3BFD30534637EE53C6C
  7EDCC075170C203A1193CBBFD8A19885
  70320DC0550316378059D882E1974DD5
Updated at: 2023-10-28 05:11:29

Tactics & techniques (MITRE*)

TA0005 Defense Evasion

The adversary is trying to avoid being detected.


Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.


T1036 Masquerading

Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.

Renaming abusable system utilities to evade security monitoring is also a form of Masquerading.(Citation: LOLBAS Main Site) Masquerading may also include the use of Proxy or VPNs to disguise IP addresses, which can allow adversaries to blend in with normal network traffic and bypass conditional access policies or anti-abuse protections.
* © 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.