Classe: RiskTool
Os programas nesta categoria têm várias funções (como ocultar arquivos no sistema, ocultar aplicativos em execução, encerrar processos ativos etc.) que podem ser usados com intenções maliciosas. Eles são, em si mesmos, não maliciosos. Ao contrário dos programas classificados como NetTool, os programas RiskTool são projetados para operar no computador local. Se um usuário instalou um programa desse tipo em seu computador ou se foi instalado por um administrador do sistema, ele não representa qualquer ameaça.Plataforma: Win32
O Win32 é uma API em sistemas operacionais baseados no Windows NT (Windows XP, Windows 7, etc.) que oferece suporte à execução de aplicativos de 32 bits. Uma das plataformas de programação mais difundidas do mundo.Família: RiskTool.Win32.Miner
No family descriptionExamples
47B83D62369F0C651D862E2A642FA609Tactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1622
Debugger Evasion
Adversaries may employ various means to detect and avoid debuggers. Debuggers are typically used by defenders to trace and/or analyze the execution of potential malware payloads.
TA0007
Discovery
The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what's around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
T1622
Debugger Evasion
Adversaries may employ various means to detect and avoid debuggers. Debuggers are typically used by defenders to trace and/or analyze the execution of potential malware payloads.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.