クラス: Trojan-Downloader
Trojan-Downloaderとして分類されたプログラムは、トロイの木馬やAdWareを含む悪意のあるプログラムの新しいバージョンをダウンロードし、犠牲PCにインストールします。インターネットからダウンロードされると、プログラムは起動され、オペレーティングシステムの起動時に自動的に実行されるプログラムのリストに含まれます。ダウンロードされるプログラムの名前と場所に関する情報は、トロイの木馬のコードに含まれているか、インターネットリソース(通常はWebページ)からトロイの木馬によってダウンロードされます。この種の悪意のあるプログラムは、悪用を含むWebサイトへの訪問者の初期感染に頻繁に使用されます。プラットフォーム: MSIL
Common Intermediate Language(旧称Microsoft Intermediate Language、またはMSIL)は、Microsoftが.NET Framework用に開発した中間言語です。 CILコードは、Microsoft Visual Studio(Visual Basic .NET、Visual C ++、Visual C#など)のすべてのMicrosoft .NETコンパイラによって生成されます。ファミリー: Trojan-Downloader.MSIL.Adload
No family descriptionExamples
B25DD56B58ECD1FEE36973F807E5AFB9F84BB61E160E18AADC76B069A652DD32
5C3C2237476056713A4581D9C66FBA08
5751EEC033F21084277656982228F8C8
6DFC12AAE077A956D04B8316290504E5
Tactics and Techniques: Mitre*
TA0011
Command and Control
The adversary is trying to communicate with compromised systems to control them.
Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.
Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.
T1071.001
Application Layer Protocol: Web Protocols
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Protocols such as HTTP/S(Citation: CrowdStrike Putter Panda) and WebSocket(Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic.
Protocols such as HTTP/S(Citation: CrowdStrike Putter Panda) and WebSocket(Citation: Brazking-Websockets) that carry web traffic may be very common in environments. HTTP/S packets have many fields and headers in which data can be concealed. An adversary may abuse these protocols to communicate with systems under their control within a victim network while also mimicking normal, expected traffic.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.