Třída: Trojan
Škodlivý program určený k elektronickému špehování aktivit uživatele (zachytit vstup klávesnice, pořídit screenshoty, zachytit seznam aktivních aplikací apod.). Shromažďované informace jsou kybernetickému uživateli odesílány různými prostředky, včetně e-mailu, FTP a HTTP (zasláním dat v žádosti).Platfoma: Win32
Win32 je rozhraní API v operačních systémech Windows NT (Windows XP, Windows 7 atd.), Které podporují provádění 32bitových aplikací. Jedna z nejrozšířenějších programovacích platforem na světě.Family: Trojan.Win32.Agentb
No family descriptionExamples
67B6CBAC8C3FEB336C0B52E7AB3E849C9500ADB1C3C368B12B11167AE770A311
03A414F762383EE4C783E860DA746D25
22B4498FE421A6424D2005DEAA908850
55F346114DEB6E4894FCB6D7E02535E0
Tactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics’ techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1070.001
Indicator Removal: Clear Windows Event Logs
Adversaries may clear Windows Event Logs to hide the activity of an intrusion. Windows Event Logs are a record of a computer's alerts and notifications. There are three system-defined sources of events: System, Application, and Security, with five event types: Error, Warning, Information, Success Audit, and Failure Audit.
The event logs can be cleared with the following utility commands:
*
*
*
These logs may also be cleared through other mechanisms, such as the event viewer GUI or PowerShell. For example, adversaries may use the PowerShell command
The event logs can be cleared with the following utility commands:
*
wevtutil cl system*
wevtutil cl application*
wevtutil cl securityThese logs may also be cleared through other mechanisms, such as the event viewer GUI or PowerShell. For example, adversaries may use the PowerShell command
Remove-EventLog -LogName Security to delete the Security EventLog and after reboot, disable future logging. Note: events may still be generated and logged in the .evtx file between the time the command is run and the reboot.(Citation: disable_win_evt_logging) * © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.