Class: NetTool
Programs classified as NetTool are designed to work with a network (for example, remotely rebooting a computer, scanning open network ports, remotely launching random applications, etc.). These features allow cyber criminals use them for malicious purposes, although the programs themselves are not malicious. If a user has installed such a program on his/her computer, or if it was installed by a system administrator, then it does not pose any threat.Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: NetTool.Win32.TorTool
No family descriptionExamples
30A72E7938B81D038630F2361C189B7B45281974D61647B4EF1751A83C47D0F2
A15BC2B8B6E13CF4EA764DF3DBEF9CEB
7EF2119524D20D3ABC92FEB5BB37F2C8
78C9EE3676B74BC9A08FE447DE040F29
Tactics and Techniques: Mitre*
Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.