Class: Trojan-Spy
Trojan-Spy programs are used to spy on a user’s actions (to track data entered by keyboard, make screen shots, retrieve a list of running applications, etc.) The harvested information is then transmitted to the malicious user controlling the Trojan. Email, FTP, the web (including data in a request) and other methods can be used to transmit the data.Read more
Platform: Win64
Win64 is a platform on Windows-based operating systems for execution of 32-/64-bit applications. Win64 programs cannot be launched on 32-bit versions of Windows.Family: Trojan-Spy.Win32.Xegumumune
No family descriptionExamples
10C1C06BF1D6FE038549254B48E9CCC2Tactics and Techniques: Mitre*
TA0002
Execution
Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API).
T1129
Shared Modules
Adversaries may execute malicious payloads via loading shared modules. Shared modules are executable files that are loaded into processes to provide access to reusable code, such as specific custom functions or invoking OS API functions (i.e., Native API).
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.