クラス: Trojan-Ransom
このタイプのトロイの木馬は、被害者のコンピュータ上のデータを変更して、被害者がデータを使用できなくなったり、コンピュータが正しく動作しないようにします。データが「人質になった」(ブロックされているか暗号化されている)と、ユーザーは身代金要求を受け取ります。身代金の要求は、被害者に悪質なユーザーのお金を送るように指示します。これを受け取り、サイバー犯罪者は被害者にデータを復元したり、コンピュータのパフォーマンスを復元するためのプログラムを送信します。プラットフォーム: Win32
Win32は、32ビットアプリケーションの実行をサポートするWindows NTベースのオペレーティングシステム(Windows XP、Windows 7など)上のAPIです。世界で最も広く普及しているプログラミングプラットフォームの1つです。ファミリー: Trojan-Ransom.Win32.Encoder
No family descriptionExamples
5F0D0894426564D2CB2823FAFED23CD6Tactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1036.005
Match Legitimate Name or Location
Adversaries may match or approximate the name or location of legitimate files or resources when naming/placing them. This is done for the sake of evading defenses and observation. This may be done by placing an executable in a commonly trusted directory (ex: under System32) or giving it the name of a legitimate, trusted program (ex: svchost.exe). In containerized environments, this may also be done by creating a resource in a namespace that matches the naming convention of a container pod or cluster. Alternatively, a file or container image name given may be a close approximation to legitimate programs/images or something innocuous.
T1036.007
Double File Extension
Adversaries may abuse a double extension in the filename as a means of masquerading the true file type. A file name may include a secondary file type extension that may cause only the first extension to be displayed (ex:
File.txt.exe may render in some views as just File.txt). However, the second extension is the true file type that determines how the file is opened and executed. The real file extension may be hidden by the operating system in the file browser (ex: explorer.exe), as well as in any software configured using or similar to the system’s policies. * © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.