Skip to content

S0027 Zeroaccess

Zeroaccess is a kernel-mode Rootkit that attempts to add victims to the ZeroAccess botnet, often for monetary gain. 1

Item Value
ID S0027
Version 1.0
Created 31 May 2017
Last Modified 17 October 2018
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1564 Hide Artifacts -
enterprise T1564.004 NTFS File Attributes Some variants of the Zeroaccess Trojan have been known to store data in Extended Attributes.2
enterprise T1014 Rootkit Zeroaccess is a kernel-mode rootkit.1


Back to top