Classe: Trojan
Um programa malicioso projetado para espionar eletronicamente as atividades do usuário (interceptar entradas de teclado, fazer capturas de tela, capturar uma lista de aplicativos ativos, etc.). As informações coletadas são enviadas ao cibercriminoso por vários meios, incluindo e-mail, FTP e HTTP (enviando dados em uma solicitação).Plataforma: Win32
O Win32 é uma API em sistemas operacionais baseados no Windows NT (Windows XP, Windows 7, etc.) que oferece suporte à execução de aplicativos de 32 bits. Uma das plataformas de programação mais difundidas do mundo.Família: Trojan.Win32.PSpawn
No family descriptionExamples
E1A70B4D180CB14FF22351C062B99339A0953D0914D4FCD406B16DAB948DAEFD
6D4D9EF372CBE11FC130FCFB09D3C3DF
BAA469AEAF8266661C400F80D6E3AEBC
FA822CF0B730C933D111007AB5BD7CB5
Tactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1070.001
Indicator Removal: Clear Windows Event Logs
Adversaries may clear Windows Event Logs to hide the activity of an intrusion. Windows Event Logs are a record of a computer's alerts and notifications. There are three system-defined sources of events: System, Application, and Security, with five event types: Error, Warning, Information, Success Audit, and Failure Audit.
The event logs can be cleared with the following utility commands:
*
*
*
These logs may also be cleared through other mechanisms, such as the event viewer GUI or PowerShell. For example, adversaries may use the PowerShell command
The event logs can be cleared with the following utility commands:
*
wevtutil cl system*
wevtutil cl application*
wevtutil cl securityThese logs may also be cleared through other mechanisms, such as the event viewer GUI or PowerShell. For example, adversaries may use the PowerShell command
Remove-EventLog -LogName Security to delete the Security EventLog and after reboot, disable future logging. Note: events may still be generated and logged in the .evtx file between the time the command is run and the reboot.(Citation: disable_win_evt_logging) * © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.