Class: Trojan
A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).Read more
Platform: PowerShell
PowerShell is a platform that is represented by scripts written in Powershell.Family: Trojan.Win64.Agent
No family descriptionExamples
FD291A4139CFFD60004A38BE0FA270F806577361EB249A7ADABCD8A36B26C89E
48FF17B701A5C63AA344DC799341CC47
AE56DE65BB4B3CCD2ABEC97C9B3ADC91
1479423952DB67A00EE831CF2EE4D13A
Tactics and Techniques: Mitre*
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Adversaries may attempt to get a listing of local system accounts. This information can help adversaries determine which local accounts exist on a system to aid in follow-on behavior.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.