Class: Trojan
A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).Read more
Platform: Win64
Win64 is a platform on Windows-based operating systems for execution of 32-/64-bit applications. Win64 programs cannot be launched on 32-bit versions of Windows.Family: Vilers
No family descriptionExamples
80BEBE31654626CA67B1D86F777D6C8A7D24509A28007ED68DAC34DFEB0D2EC5
1653B62E2982293C92A51983B68B2C65
C9C3C29B1133ADE7BD0847DFDBCF9998
C1777D97F3C46EDA38EADF646249CB5C
Tactics and Techniques: Mitre*
TA0011
Command and Control
Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088 or port 587 as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
T1571
Non-Standard Port
Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088 or port 587 as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.