(McAfee) Concealment Troy does not employ real-time IRC control as earlier versions did. (Concealment Troy is a typical HTTP botnet.)
| TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| IP:Port | Timestamp |
|---|
| Domain | Timestamp |
|---|
| URL | Timestamp |
|---|
2018-05-03 by Ryan Sherstobitoff from McAfee
2013-04-24 by R136a1 from
Tool: Concealment Troy
Names: Concealment Troy, concealment_troy
Description: (McAfee) Concealment Troy does not employ real-time IRC control as earlier versions did. (Concealment Troy is a typical HTTP botnet.)
Category: Malware
Type: Backdoor, Botnet
Information: https://www.mcafee.com/enterprise/en-us/assets/white-papers/wp-dissecting-operation-troy.pdf
Information: http://www.malware-reversing.com/2013/04/5-south-korea-incident-new-malware.html
Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.concealment_troy
Last-card-change: 2022-12-28
Source: https://apt.etda.or.th/cgi-bin/listtools.cgi
| TA0043 | TA0042 | TA0001 | TA0002 | TA0003 | TA0004 | TA0005 | TA0006 | TA0007 | TA0008 | TA0009 | TA0011 | TA0010 | TA0040 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |