Skip to content

S0178 Truvasys

Truvasys is first-stage malware that has been used by PROMETHIUM. It is a collection of modules written in the Delphi programming language. 1 2 3

Item Value
ID S0178
Associated Names
Version 1.1
Created 16 January 2018
Last Modified 18 March 2020
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
enterprise T1547 Boot or Logon Autostart Execution -
enterprise T1547.001 Registry Run Keys / Startup Folder Truvasys adds a Registry Run key to establish persistence.1
enterprise T1036 Masquerading -
enterprise T1036.004 Masquerade Task or Service To establish persistence, Truvasys adds a Registry Run key with a value “TaskMgr” in an attempt to masquerade as the legitimate Windows Task Manager.1

Groups That Use This Software

ID Name References


Back to top