Classe: Trojan
Um programa malicioso projetado para espionar eletronicamente as atividades do usuário (interceptar entradas de teclado, fazer capturas de tela, capturar uma lista de aplicativos ativos, etc.). As informações coletadas são enviadas ao cibercriminoso por vários meios, incluindo e-mail, FTP e HTTP (enviando dados em uma solicitação).Plataforma: VBS
O Visual Basic Scripting Edition (VBScript) é uma linguagem de script interpretada pelo Windows Script Host. O VBScript é amplamente usado para criar scripts em sistemas operacionais Microsoft Windows.Família: Trojan.VBS.KillAV
No family descriptionExamples
4FE97412C1DDE66B1F7CC722D629A1324D331F8D310DB309DF8FD934E62536FA
AF490B285C0EAFECE2AAACE22F240A9C
35B87FEAEA1589D170B89C4FAC31A705
4B2B9B83953DC1C92F940505DFB6F809
Tactics and Techniques: Mitre*
TA0002
Execution
The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
T1047
Windows Management Instrumentation
Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is designed for programmers and is the infrastructure for management data and operations on Windows systems. WMI is an administration feature that provides a uniform environment to access Windows system components.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.