Kaspersky Threats — Trojan-FakeAV.Win32.Agent.jnws

クラス: Trojan-FakeAV

ウイルス対策ソフトウェアまたはオペレーティングシステムのセキュリティモジュールの一部の動作をシミュレートする悪質なプログラムの一種。これらのプログラムは、実際には存在しない脅威の検出と除去が行われたことを受けて、ユーザーから金銭を奪うように設計されています。一般的に言えば、このマルウェアは、ユーザがシステムのセキュリティを悩ませたり、偽のAVソフトウェアを支払うようにするため、多くの繰り返しポップアップを表示します。さらに、Trojan-FakeAVプログラムは、コンピュータが正常に動作しないようにしますが、オペレーティングシステムを完全に禁止しておらず、脅威が信頼できるものだとユーザに信じさせるものです。

プラットフォーム: Win32

Win32は、32ビットアプリケーションの実行をサポートするWindows NTベースのオペレーティングシステム（Windows XP、Windows 7など）上のAPIです。世界で最も広く普及しているプログラミングプラットフォームの1つです。

ファミリー: Trojan-FakeAV.Win32.Agent

No family description

Examples

302D28DB88BAB7FF7C34D57C4DE65AB3

Tactics and Techniques: Mitre*

TA0005

Defense Evasion

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

T1497.001

System Checks

Adversaries may employ various system checks to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from Virtualization/Sandbox Evasion during automated discovery to shape follow-on behaviors.

TA0007

Discovery

The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what's around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.

T1497.001

System Checks

T1518

Software Discovery

Adversaries may attempt to get a listing of software and software versions that are installed on a system or in a cloud environment. Adversaries may use the information from Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.

TA0011

Command and Control

The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim's network structure and defenses.

T1071.001

Web Protocols

Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.