Třída: Trojan-Downloader
Programy klasifikované jako Trojan-Downloader stahovat a instalovat nové verze škodlivých programů, včetně trojských koní a AdWare, na počítače s oběťmi. Po stažení z Internetu jsou programy spuštěny nebo zařazeny do seznamu programů, které se automaticky spustí, když se spustí operační systém.Informace o jménech a umístěních programů, které jsou staženy, jsou v kódu trojského koně, nebo jsou staženy z Trojského webu z internetového zdroje (obvykle webové stránky).
Tento typ škodlivého programu se často používá při počáteční infekci návštěvníků na webové stránky, které obsahují exploity.
Platfoma: Win32
Win32 je rozhraní API v operačních systémech Windows NT (Windows XP, Windows 7 atd.), Které podporují provádění 32bitových aplikací. Jedna z nejrozšířenějších programovacích platforem na světě.Family: Trojan-Downloader.Win32.Wauchos
No family descriptionExamples
8C10AE5CCF61BF91E1486905C4E3D62ETactics and Techniques: Mitre*
TA0004
Privilege Escalation
The adversary is trying to gain higher-level permissions. Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include: SYSTEM/root level, local administrator, user account with admin-like access, user accounts with access to specific system or perform specific function. These techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.
T1548.002
Bypass User Account Control
Adversaries may bypass UAC mechanisms to elevate process privileges on system. Windows User Account Control (UAC) allows a program to elevate its privileges (tracked as integrity levels ranging from low to high) to perform a task under administrator-level permissions, possibly by prompting the user for confirmation. The impact to the user ranges from denying the operation under high enforcement to allowing the user to perform the action if they are in the local administrators group and click through the prompt or allowing them to enter an administrator password to complete the action.
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1562.001
Disable or Modify Tools
Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.