YAHOYAH is a Trojan used by Tropic Trooper as a second-stage backdoor.[1]
Domain | ID | Name | Use | |
---|---|---|---|---|
Enterprise | T1071 | .001 | Application Layer Protocol: Web Protocols | |
Enterprise | T1140 | Deobfuscate/Decode Files or Information | ||
Enterprise | T1105 | Ingress Tool Transfer |
YAHOYAH uses HTTP GET requests to download other files that are executed in memory.[1] |
|
Enterprise | T1027 | .013 | Obfuscated Files or Information: Encrypted/Encoded File |
YAHOYAH encrypts its configuration file using a simple algorithm.[1] |
Enterprise | T1518 | .001 | Software Discovery: Security Software Discovery |
YAHOYAH checks for antimalware solution processes on the system.[1] |
Enterprise | T1082 | System Information Discovery |
YAHOYAH checks for the system’s Windows OS version and hostname.[1] |
ID | Name | References |
---|---|---|
G0081 | Tropic Trooper |