Clase: Trojan-Ransom
Este tipo de troyano modifica los datos en la computadora de la víctima para que la víctima ya no pueda usar los datos, o evita que la computadora se ejecute correctamente. Una vez que los datos han sido "tomados como rehenes" (bloqueados o encriptados), el usuario recibirá una demanda de rescate. La demanda de rescate le dice a la víctima que envíe dinero al usuario malintencionado; al recibir esto, el ciberdelincuente enviará un programa a la víctima para restaurar los datos o restaurar el rendimiento de la computadora.Más información
Plataforma: Win32
Win32 es una API en sistemas operativos basados en Windows NT (Windows XP, Windows 7, etc.) que admite la ejecución de aplicaciones de 32 bits. Una de las plataformas de programación más extendidas en el mundo.Familia: Trojan-Ransom.Win32.Blocker
No family descriptionExamples
A04871ADF6418A22F6C59A44CBDD444E34AC81CBC732373101A1088328DBAB88
AD7CB701570574DEDEE14B523AE5F0F4
CA36F093C50FFB4B387D44F4991D54F2
05CA13459D6267CFF25ADBDEAA4F4949
Tactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1036
Masquerading
Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Renaming abusable system utilities to evade security monitoring is also a form of Masquerading.(Citation: LOLBAS Main Site) Masquerading may also include the use of Proxy or VPNs to disguise IP addresses, which can allow adversaries to blend in with normal network traffic and bypass conditional access policies or anti-abuse protections.
Renaming abusable system utilities to evade security monitoring is also a form of Masquerading.(Citation: LOLBAS Main Site) Masquerading may also include the use of Proxy or VPNs to disguise IP addresses, which can allow adversaries to blend in with normal network traffic and bypass conditional access policies or anti-abuse protections.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.