Classe: HackTool
Os programas HackTool são usados para criar novos usuários na lista de visitantes permitidos do sistema e para excluir informações dos registros do sistema para ocultar a presença do usuário malicioso no sistema. Esses programas também são usados para analisar e coletar pacotes de rede para realizar ações maliciosas específicas. Usuários mal-intencionados usam programas HackTool ao configurar ataques em computadores locais ou remotos.Plataforma: Win64
O Win64 é uma plataforma em sistemas operacionais baseados no Windows para execução de aplicativos de 32/64 bits. Programas Win64 não podem ser iniciados em versões de 32 bits do Windows.Família: HackTool.Win64.AmsiETWPatch
No family descriptionExamples
839CA23ECB18C8318FDBCC9AB05F314BTactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1564.001
Hidden Files and Directories
Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches (
dir /a for Windows and ls –a for Linux and macOS). TA0011
Command and Control
The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim's network structure and defenses.
T1071.001
Web Protocols
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.