Class: Trojan
A malicious program designed to electronically spy on the user’s activities (intercept keyboard input, take screenshots, capture a list of active applications, etc.). The collected information is sent to the cybercriminal by various means, including email, FTP, and HTTP (by sending data in a request).Read more
Platform: WinINF
No platform descriptionFamily: Trojan.Win64.Agent
No family descriptionExamples
D1AD13E983F398A84742D152B73AC5F479CD433C991BEF148C922E09618AAC96
593D1131EFA1FED3E6DA7B85229071C8
D8C129B567C27655C5729125933547BA
61355C03BF0CE91B93BB6501B29929A5
Tactics and Techniques: Mitre*
TA0011
Command and Control
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
T1071.001
Web Protocols
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.