Třída: Trojan-Downloader
Programy klasifikované jako Trojan-Downloader stahovat a instalovat nové verze škodlivých programů, včetně trojských koní a AdWare, na počítače s oběťmi. Po stažení z Internetu jsou programy spuštěny nebo zařazeny do seznamu programů, které se automaticky spustí, když se spustí operační systém.Informace o jménech a umístěních programů, které jsou staženy, jsou v kódu trojského koně, nebo jsou staženy z Trojského webu z internetového zdroje (obvykle webové stránky).
Tento typ škodlivého programu se často používá při počáteční infekci návštěvníků na webové stránky, které obsahují exploity.
Platfoma: Win32
Win32 je rozhraní API v operačních systémech Windows NT (Windows XP, Windows 7 atd.), Které podporují provádění 32bitových aplikací. Jedna z nejrozšířenějších programovacích platforem na světě.Family: Trojan-Downloader.Win32.Agent
No family descriptionExamples
D3E6B4C35B951EA6B264DF4095838DC9Tactics and Techniques: Mitre*
TA0007
Discovery
The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what's around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
T1016
System Network Configuration Discovery
Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp, ipconfig/ifconfig, nbtstat, and route.
T1016.001
Internet Connection Discovery
Adversaries may check for Internet connectivity on compromised systems. This may be performed during automated discovery and can be accomplished in numerous ways such as using Ping,
tracert, and GET requests to websites. T1018
Remote System Discovery
Adversaries may attempt to get a listing of other systems by IP address, hostname, or other logical identifier on a network that may be used for Lateral Movement from the current system. Functionality could exist within remote access tools to enable this, but utilities available on the operating system could also be used such as Ping or
net view using Net. T1049
System Network Connections Discovery
Adversaries may attempt to get a listing of network connections to or from the compromised system they are currently accessing or from remote systems by querying for information over the network.
T1120
Peripheral Device Discovery
Adversaries may attempt to gather information about attached peripheral devices and components connected to a computer system. Peripheral devices could include auxiliary resources that support a variety of functionalities such as keyboards, printers, cameras, smart card readers, or removable storage. The information may be used to enhance their awareness of the system and network environment or may be used for further actions.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.