Classe: Trojan
Un programme malveillant conçu pour espionner électroniquement les activités de l'utilisateur (intercepter la saisie au clavier, prendre des captures d'écran, capturer une liste d'applications actives, etc.). Les informations collectées sont envoyées au cybercriminel par divers moyens, y compris par courrier électronique, FTP et HTTP (en envoyant des données dans une requête).Plus d'informations
Plateforme: Win32
Win32 est une API sur les systèmes d'exploitation Windows NT (Windows XP, Windows 7, etc.) qui prend en charge l'exécution des applications 32 bits. L'une des plateformes de programmation les plus répandues au monde.Famille: Trojan.Win32.Metla
No family descriptionExamples
63BD0B13BF96807AFEF4F53BDDC7D59A8CAC662588427B8A27CE10BCD60F9CCC
3DC250146FE0896158D8B1F18CBDCDEC
6E357FC5A0262111B49FE3D11F89A56E
2397919DD8781A5D7F3144CB2ABAE657
Tactics and Techniques: Mitre*
TA0011
Command and Control
The adversary is trying to communicate with compromised systems to control them.
Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.
Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.
T1571
Non-Standard Port
Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088(Citation: Symantec Elfin Mar 2019) or port 587(Citation: Fortinet Agent Tesla April 2018) as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Adversaries may also make changes to victim systems to abuse non-standard ports. For example, Registry keys and other configuration settings can be used to modify protocol and port pairings.(Citation: change_rdp_port_conti)
Adversaries may also make changes to victim systems to abuse non-standard ports. For example, Registry keys and other configuration settings can be used to modify protocol and port pairings.(Citation: change_rdp_port_conti)
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.