Update Date
02/09/2024

Class: Trojan-Ransom

This type of Trojan modifies data on the victim computer so that the victim can no longer use the data, or it prevents the computer from running correctly. Once the data has been “taken hostage” (blocked or encrypted), the user will receive a ransom demand. The ransom demand tells the victim to send the malicious user money; on receipt of this, the cyber criminal will send a program to the victim to restore the data or restore the computer’s performance.

Read more

Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Family: Trojan-Ransom.Win32.PogBlock.ex

No family description

Examples

3AA1FEBA321EEBFB6DAD6B715A217B18
095CFDDF8AFA9C13423B10CF8A809ACF
400441D4C856C898D5B276E9C3E0A92C
23479325329F91E6C2D9FD249371A1C2
12A99BBD77534C7976EB30746BFE268B

Tactics and Techniques: Mitre*

TA0007
Discovery

Adversaries may check for Internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways such as using Ping, tracert, and GET requests to websites.


Adversaries may use the results and responses from these requests to determine if the system is capable of communicating with their C2 servers before attempting to connect to them. The results may also be used to identify routes, redirectors, and proxy servers.


T1016.001
System Network Configuration Discovery: Internet Connection Discovery

Adversaries may check for Internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways such as using Ping, tracert, and GET requests to websites.


Adversaries may use the results and responses from these requests to determine if the system is capable of communicating with their C2 servers before attempting to connect to them. The results may also be used to identify routes, redirectors, and proxy servers.


* © 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Kaspersky Next
Let’s go Next: redefine your business’s cybersecurity
Learn more
New Kaspersky!
Your digital life deserves complete protection!
Learn more
Confirm changes?
Your message has been sent successfully.