Třída: Trojan-Banker
Programy Trojan-Banker jsou navrženy tak, aby ukradly údaje o uživatelských účtech týkajících se systémů online bankovnictví, elektronických platebních systémů a systémů plastových karet. Data jsou pak předána uživateli se zlými úmysly, který kontroluje Trojan. E-mail, FTP, web (včetně dat v žádosti) nebo jiné metody mohou být použity k přepravě ukradených dat.Platfoma: Win32
Win32 je rozhraní API v operačních systémech Windows NT (Windows XP, Windows 7 atd.), Které podporují provádění 32bitových aplikací. Jedna z nejrozšířenějších programovacích platforem na světě.Family: Trojan-Banker.Win32.ChePro
No family descriptionExamples
AB5A15A2300329C50E5557331F06B822E94379ADEAC6547AA6E1C8ADC1BAFB66
7349C02F72F117F3FF24AFC6103FB19F
B8DF526FCB95A9B8BF8D5D28B3D460FA
F933FAAAFFFD3B67FA6547A014EF50C3
Tactics and Techniques: Mitre*
TA0007
Discovery
The adversary is trying to figure out your environment.
Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
T1016
System Network Configuration Discovery
Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp, ipconfig/ifconfig, nbtstat, and route.
Adversaries may also leverage a Network Device CLI on network devices to gather information about configurations and settings, such as IP addresses of configured interfaces and static/dynamic routes (e.g.
Adversaries may use the information from System Network Configuration Discovery during automated discovery to shape follow-on behaviors, including determining certain access within the target network and what actions to do next.
Adversaries may also leverage a Network Device CLI on network devices to gather information about configurations and settings, such as IP addresses of configured interfaces and static/dynamic routes (e.g.
show ip route, show ip interface).(Citation: US-CERT-TA18-106A)(Citation: Mandiant APT41 Global Intrusion )Adversaries may use the information from System Network Configuration Discovery during automated discovery to shape follow-on behaviors, including determining certain access within the target network and what actions to do next.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.