Kaspersky Threats — Trojan-Spy.Win32.Bobik.qoi

クラス: Trojan-Spy

トロイの木馬 - スパイプログラムは、ユーザーの行動を偵察するために使用されます（キーボードで入力されたデータの追跡、スクリーンショットの作成、実行中のアプリケーションのリストの取得など）。電子メール、FTP、ウェブ（要求内のデータを含む）および他の方法を使用してデータを送信することができる。

プラットフォーム: Win32

Win32は、32ビットアプリケーションの実行をサポートするWindows NTベースのオペレーティングシステム（Windows XP、Windows 7など）上のAPIです。世界で最も広く普及しているプログラミングプラットフォームの1つです。

ファミリー: Trojan-Spy.Win32.Bobik

No family description

Examples

6C876BB453D228A82C09A3301145851F
D4EE5429496940471A5E0570D6287EFB
EC47130AABE7639FA7969D5098B059F3
E4DEC2F6E23A089C6B83778B2171F5AF
272F65017295CB410FF3E8E590710C7E

Tactics and Techniques: Mitre*

TA0040

Impact

The adversary is trying to manipulate, interrupt, or destroy your systems and data.

Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries’ goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach.

T1491.001

Defacement: Internal Defacement

An adversary may deface systems internal to an organization in an attempt to intimidate or mislead users, thus discrediting the integrity of the systems. This may take the form of modifications to internal websites, or directly to user systems with the replacement of the desktop wallpaper.(Citation: Novetta Blockbuster) Disturbing or offensive images may be used as a part of Internal Defacement in order to cause user discomfort, or to pressure compliance with accompanying messages. Since internally defacing systems exposes an adversary's presence, it often takes place after other intrusion goals have been accomplished.(Citation: Novetta Blockbuster Destructive Malware)