Kaspersky Threats — Trojan.Win32.Vebzenpak.ajus

Class: Trojan

A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).

Read more

Platform: Win32

Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.

Family: Trojan.Win32.Vebzenpak.ajus

No family description

Examples

D29808808E99A786DD282949A43C316E
1C395E2F12BD85006A1714E3BEF6B1BE
2F46323FD75098D2F50323CD79DD6F2C
6B814F029049CC661561FA32BFB4A8A6
F9141CC4A246FBB158C8113420DC661F

Tactics and Techniques: Mitre*

TA0011

Command and Control

Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.

T1071.001

Web Protocols

T1102

Web Service

Adversaries may use an existing, legitimate external Web service as a means for relaying data to/from a compromised system. Popular websites and social media acting as a mechanism for C2 may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to a compromise. Using common services, such as those offered by Google or Twitter, makes it easier for adversaries to hide in expected noise. Web service providers commonly use SSL/TLS encryption, giving adversaries an added level of protection.