Class: Trojan
A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: Copak
No family descriptionExamples
B69D3F743D9D2A2BB25460F475E61430C43F716A224A27E2535E2CA2734FF0EE
A78D7B98D7B276BE4DD80D21DBF496E2
EE1125F2AE6B87BAE2BFAEA5AA357BED
0D1588387CC16087CDC9FD8192AD81A1
Tactics and Techniques: Mitre*
TA0011
Command and Control
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
T1071.001
Web Protocols
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.