Class: Trojan
A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).Read more
Platform: VBS
Visual Basic Scripting Edition (VBScript) is a scripting language interpreted by Windows Script Host. VBScript is widely used to create scripts on Microsoft Windows operating systems.Family: Trojan.VBS.KillAV
No family descriptionExamples
4FE97412C1DDE66B1F7CC722D629A1324D331F8D310DB309DF8FD934E62536FA
AF490B285C0EAFECE2AAACE22F240A9C
35B87FEAEA1589D170B89C4FAC31A705
4B2B9B83953DC1C92F940505DFB6F809
Tactics and Techniques: Mitre*
TA0002
Execution
The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
T1047
Windows Management Instrumentation
Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is designed for programmers and is the infrastructure for management data and operations on Windows systems. WMI is an administration feature that provides a uniform environment to access Windows system components.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.