YAHOYAH is a Trojan used by Tropic Trooper as a second-stage backdoor.[1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1140 | Deobfuscate/Decode Files or Information | |
| Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | |
| Enterprise | T1027.013 | Obfuscated Files or Information: Encrypted/Encoded File | YAHOYAH encrypts its configuration file using a simple algorithm.[1] |
| Enterprise | T1082 | System Information Discovery | YAHOYAH checks for the system's Windows OS version and hostname.[1] |
| Enterprise | T1518.001 | Software Discovery: Security Software Discovery | YAHOYAH checks for antimalware solution processes on the system.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | YAHOYAH uses HTTP GET requests to download other files that are executed in memory.[1] |
| ID | Name | References |
|---|---|---|
| G0081 | Tropic Trooper | [1] |