Class: Trojan
A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).Read more
Platform: WinLNK
A file with the LNK extension is a Windows shortcut to a file, program, or folder.Family: Trojan.Win64.Agent
No family descriptionExamples
072770B8AC45335AA2403CDD4C4E1428EACD169FDD85C0AC9000D3F48D324BB1
463FF7BAEC430C3162B88DBEB791BB1D
8CDF0B3AFFE85BB964163A93B90643E1
5CCEF0B66C1742D5752C0C2C23C73358
Tactics and Techniques: Mitre*
Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches (dir /a
for Windows and ls –a
for Linux and macOS).
Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches (dir /a
for Windows and ls –a
for Linux and macOS).
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.