Class: Trojan
A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: Trojan.Win32.Agentb
No family descriptionExamples
826AF1F23B197E411987BDA1AD45E0A3970A2547A674ED7B7ED9C18AD996C18D
56998B23558A0F842F50322CD7ECE501
02F5747819973E1546FD8F008806AF82
0FA470F0C7D8222D52494F418EF28FD7
Tactics and Techniques: Mitre*
Adversaries may clear Windows Event Logs to hide the activity of an intrusion. Windows Event Logs are a record of a computer’s alerts and notifications. There are three system-defined sources of events: System, Application, and Security, with five event types: Error, Warning, Information, Success Audit, and Failure Audit.
Adversaries may clear Windows Event Logs to hide the activity of an intrusion. Windows Event Logs are a record of a computer’s alerts and notifications. There are three system-defined sources of events: System, Application, and Security, with five event types: Error, Warning, Information, Success Audit, and Failure Audit.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.