Classe: Trojan-Spy
Os programas Trojan-Spy são usados para espionar as ações de um usuário (para rastrear dados digitados pelo teclado, fazer capturas de tela, recuperar uma lista de aplicativos em execução, etc.) As informações coletadas são então transmitidas ao usuário mal-intencionado que controla o Trojan. E-mail, FTP, a web (incluindo dados em uma solicitação) e outros métodos podem ser usados para transmitir os dados.Plataforma: Win32
O Win32 é uma API em sistemas operacionais baseados no Windows NT (Windows XP, Windows 7, etc.) que oferece suporte à execução de aplicativos de 32 bits. Uma das plataformas de programação mais difundidas do mundo.Família: Trojan-Spy.Win32.Noon
No family descriptionExamples
AB4D1BAFED32CF699755BB58537C5BAFTactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1055.012
Process Hollowing
Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses. Process hollowing is a method of executing arbitrary code in the address space of a separate live process.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.