Class: Trojan-DDoS
This type of malicious program is designed to conduct a DoS attack from an infected computer on a pre-defined address. Essentially, a DoS attack involves sending numerous requests to the victim machine; this leads to a denial of service if the computer under attack does not have sufficient resources to process all the incoming requests. In order to conduct a successful DoS attack, malicious users often infect a number of computers with this type of Trojan in advance (for example, as part of a mass spam mailing.) As a result, all the infected computers will attack the victim machine.Read more
Family: Trojan-DDoS.Shell.Agent
No family descriptionExamples
2137866321601BB1EED0DAC46D2208EBTactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1070.006
Timestomp
Adversaries may modify file time attributes to hide new files or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder and blend malicious files with legitimate files.
TA0011
Command and Control
The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim's network structure and defenses.
T1105
Ingress Tool Transfer
Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp. Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer).
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.