Classe: Trojan-Spy
Les programmes Trojan-Spy sont utilisés pour espionner les actions d'un utilisateur (suivre les données saisies au clavier, faire des captures d'écran, récupérer une liste d'applications en cours, etc.). Les informations récoltées sont ensuite transmises à l'utilisateur malveillant. Email, FTP, le web (y compris les données dans une demande) et d'autres méthodes peuvent être utilisés pour transmettre les données.Plus d'informations
Plateforme: Win32
Win32 est une API sur les systèmes d'exploitation Windows NT (Windows XP, Windows 7, etc.) qui prend en charge l'exécution des applications 32 bits. L'une des plateformes de programmation les plus répandues au monde.Famille: Trojan-Spy.Win32.Stealer
No family descriptionExamples
573255F965EA12DDF0C6896FACDBDF0BFC2E6ED90706033AFFDA7F61BD591D23
5363314A1961A9DC7C966EADBFF3A46A
5AD3A5D804D96FC87989F8B3E060266C
17122CED65787A59A83DE13745FC9174
Tactics and Techniques: Mitre*
TA0011
Command and Control
The adversary is trying to communicate with compromised systems to control them.
Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.
Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.
T1071.001
Application Layer Protocol: Web Protocols
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Protocols such as HTTP/S(Citation: CrowdStrike Putter Panda) and WebSocket(Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic.
Protocols such as HTTP/S(Citation: CrowdStrike Putter Panda) and WebSocket(Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.