SOFTWARE
SOFTWARE
A-B
C-D
E-F
G-H
I-J
K-L
M-N
O-P
Q-R
S-T
U-V
W-X
Truvasys
Truvasys is first-stage malware that has been used by PROMETHIUM. It is a collection of modules written in the Delphi programming language. [1] [2] [3]
ID: S0178
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 16 January 2018
Last Modified: 18 March 2020
Techniques Used
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1547 | .001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder |
Truvasys adds a Registry Run key to establish persistence.[1] |
Enterprise | T1036 | .004 | Masquerading: Masquerade Task or Service |
To establish persistence, Truvasys adds a Registry Run key with a value "TaskMgr" in an attempt to masquerade as the legitimate Windows Task Manager.[1] |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0056 | PROMETHIUM |
References
×