クラス: Hoax
ホラックスは、ウイルスやその他の悪質なコードに関する偽の警告です。通常、不正行為は、電子メールメッセージの形を取って、危険な新しいウイルスを読者に警告し、読者がメッセージを渡すことを示唆している。ホークスはそれ自体にダメージを与えませんが、意味のあるユーザーによる配布はしばしば恐怖と不確実性を引き起こします。ほとんどのアンチウィルスベンダーは自分のWebサイトに不正情報を含んでいます。警告メッセージを転送する前に必ずチェックすることをお勧めします。プラットフォーム: Win32
Win32は、32ビットアプリケーションの実行をサポートするWindows NTベースのオペレーティングシステム(Windows XP、Windows 7など)上のAPIです。世界で最も広く普及しているプログラミングプラットフォームの1つです。ファミリー: Hoax.Win32.ArchSMS
No family descriptionExamples
5CDAD142A648EE900DC672A209EE50247C01294D331026EBD0A31AE9EDA7A50A
2B71D6B0FF865B4D9E7472A524068AF3
BF8303D3A5DC3DA3C5A2AA4973C00708
CAD89C23BF89F1DAC4C560FAF9B83F5F
Tactics and Techniques: Mitre*
TA0009
Collection
The adversary is trying to gather data of interest to their goal.
Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to steal (exfiltrate) the data. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input.
Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to steal (exfiltrate) the data. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input.
T1560.001
Archive Collected Data: Archive via Utility
Adversaries may use utilities to compress and/or encrypt collected data prior to exfiltration. Many utilities include functionalities to compress, encrypt, or otherwise package data into a format that is easier/more secure to transport.
Adversaries may abuse various utilities to compress or encrypt data before exfiltration. Some third party utilities may be preinstalled, such as
On Windows,
Adversaries may use also third party utilities, such as 7-Zip, WinRAR, and WinZip, to perform similar activities.(Citation: 7zip Homepage)(Citation: WinRAR Homepage)(Citation: WinZip Homepage)
Adversaries may abuse various utilities to compress or encrypt data before exfiltration. Some third party utilities may be preinstalled, such as
tar on Linux and macOS or zip on Windows systems. On Windows,
diantz or makecab may be used to package collected files into a cabinet (.cab) file. diantz may also be used to download and compress files from remote locations (i.e. Remote Data Staging).(Citation: diantz.exe_lolbas) xcopy on Windows can copy files and directories with a variety of options. Additionally, adversaries may use certutil to Base64 encode collected data before exfiltration. Adversaries may use also third party utilities, such as 7-Zip, WinRAR, and WinZip, to perform similar activities.(Citation: 7zip Homepage)(Citation: WinRAR Homepage)(Citation: WinZip Homepage)
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.