1. Home
  2. Software
  3. YAHOYAH

YAHOYAH

YAHOYAH is a Trojan used by Tropic Trooper as a second-stage backdoor.[1]

ID: S0388
Type: MALWARE
Platforms: Windows
Version: 1.2
Created: 17 June 2019
Last Modified: 19 April 2024
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1071 .001 Application Layer Protocol: Web Protocols

YAHOYAH uses HTTP for C2.[1]
Enterprise T1140 Deobfuscate/Decode Files or Information

YAHOYAH decrypts downloaded files before execution.[1]
Enterprise T1105 Ingress Tool Transfer

YAHOYAH uses HTTP GET requests to download other files that are executed in memory.[1]
Enterprise T1027 .013 Obfuscated Files or Information: Encrypted/Encoded File

YAHOYAH encrypts its configuration file using a simple algorithm.[1]
Enterprise T1518 .001 Software Discovery: Security Software Discovery

YAHOYAH checks for antimalware solution processes on the system.[1]
Enterprise T1082 System Information Discovery

YAHOYAH checks for the system’s Windows OS version and hostname.[1]

Groups That Use This Software

ID Name References
G0081 Tropic Trooper

[1]

References

  1. Alintanahin, K. (2015). Operation Tropic Trooper: Relying on Tried-and-Tested Flaws to Infiltrate Secret Keepers. Retrieved June 14, 2019.