Kaspersky Threats — Trojan-FakeAV.Win32.Agent.jntg

Sınıf: Trojan-FakeAV

Antivirüs yazılımının veya işletim sistemi güvenlik modüllerinin parçalarının aktivitesini simüle eden kötü amaçlı programların bir sınıfı. Bu programlar, aslında var olmayan tehditlerin algılanması ve kaldırılması karşılığında kullanıcılardan para çekmek için tasarlanmıştır. Genel olarak, bu kötü amaçlı yazılım, kullanıcının sistemlerinin güvenliği konusunda endişe duyması ve sahte AV yazılımı için ödeme yapması için birçok tekrarlanan pop-up gösteriyor. Ayrıca, Trojan-FakeAV programları bilgisayarın düzgün çalışmasını engeller, ancak kullanıcının tehdidin güvenilir olduğuna inanması için işletim sistemini tamamen engellemez.

Platform: Win32

Win32, 32-bit uygulamaların yürütülmesini destekleyen Windows NT tabanlı işletim sistemlerinde (Windows XP, Windows 7, vb.) Bir API'dir. Dünyanın en yaygın programlama platformlarından biri.

Aile: Trojan-FakeAV.Win32.Agent

No family description

Examples

502FF45525F3416B73DF63EA133C7ED3

Tactics and Techniques: Mitre*

TA0003

Persistence

The adversary is trying to maintain their foothold. Persistence consists of techniques that adversaries use to keep access to systems across restarts, changed credentials, and other interruptions that could cut off their access. Techniques used for persistence include any access, action, or configuration changes that let them maintain their foothold on systems, such as replacing or hijacking legitimate code or adding startup code.

T1098

Account Manipulation

Adversaries may manipulate accounts to maintain and/or elevate access to victim systems. Account manipulation may consist of any action that preserves or modifies adversary access to a compromised account, such as modifying credentials or permission groups. These actions could also include account activity designed to subvert security policies, such as performing iterative password updates to bypass password duration policies and preserve the life of compromised credentials.

TA0004

Privilege Escalation

The adversary is trying to gain higher-level permissions. Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include: SYSTEM/root level, local administrator, user account with admin-like access, user accounts with access to specific system or perform specific function. These techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.

T1134

Access Token Manipulation

Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.

TA0005

Defense Evasion

The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.

T1134

Access Token Manipulation