Classe: Trojan-Dropper
Les programmes Trojan-Dropper sont conçus pour installer secrètement des programmes malveillants intégrés dans leur code aux ordinateurs des victimes. Ce type de programme malveillant enregistre généralement une série de fichiers sur le lecteur de la victime (généralement dans le répertoire Windows, le répertoire système Windows, le répertoire temporaire, etc.) et les lance sans aucune notification (ou avec une fausse notification d'erreur d'archivage, version obsolète du système d'exploitation, etc.). De tels programmes sont utilisés par des pirates informatiques pour: installer secrètement des programmes de Troie et / ou des virus empêchent les programmes malveillants connus d'être détectés par des solutions antivirus; tous les programmes antivirus ne sont pas capables d'analyser tous les composants de ce type de chevaux de Troie.Plus d'informations
Plateforme: Win32
Win32 est une API sur les systèmes d'exploitation Windows NT (Windows XP, Windows 7, etc.) qui prend en charge l'exécution des applications 32 bits. L'une des plateformes de programmation les plus répandues au monde.Famille: Trojan-Dropper.Win32.Dapato
No family descriptionExamples
A2ABEAD64AD78DFF643A975F7D451B16Tactics and Techniques: Mitre*
TA0007
Discovery
The adversary is trying to figure out your environment.
Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
T1057
Process Discovery
Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
In Windows environments, adversaries could obtain details on running processes using the Tasklist utility via cmd or
On network devices, Network Device CLI commands such as `show processes` can be used to display current running processes.(Citation: US-CERT-TA18-106A)(Citation: show_processes_cisco_cmd)
In Windows environments, adversaries could obtain details on running processes using the Tasklist utility via cmd or
Get-Process via PowerShell. Information about processes can also be extracted from the output of Native API calls such as CreateToolhelp32Snapshot. In Mac and Linux, this is accomplished with the ps command. Adversaries may also opt to enumerate processes via /proc.On network devices, Network Device CLI commands such as `show processes` can be used to display current running processes.(Citation: US-CERT-TA18-106A)(Citation: show_processes_cisco_cmd)
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.