クラス: Trojan-PSW
トロイの木馬-PSWプログラムは、感染したコンピュータからのログインやパスワードなどのユーザーアカウント情報を盗むように設計されています。 PSWはPassword Stealing Wareの略語です。起動すると、PSWトロイの木馬は、一連の機密データまたはレジストリを格納しているシステムファイルを検索します。そのようなデータが見つかった場合、トロイの木馬はそれを "マスタ"に送信します。盗まれたデータを転送するには、電子メール、FTP、Web(要求のデータを含む)、またはその他の方法を使用できます。このようなトロイの木馬の中には、特定のソフトウェアプログラムの登録情報を盗むものもあります。プラットフォーム: MSIL
Common Intermediate Language(旧称Microsoft Intermediate Language、またはMSIL)は、Microsoftが.NET Framework用に開発した中間言語です。 CILコードは、Microsoft Visual Studio(Visual Basic .NET、Visual C ++、Visual C#など)のすべてのMicrosoft .NETコンパイラによって生成されます。ファミリー: Trojan-PSW.MSIL.Agensla
No family descriptionExamples
4510308CF5F71AE30219F5320C863DC4Tactics and Techniques: Mitre*
TA0006
Credential Access
The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.
T1056.001
Keylogging
Adversaries may log user keystrokes to intercept credentials as the user types them. Keylogging is likely to be used to acquire credentials for new access opportunities when OS Credential Dumping efforts are not effective, and may require an adversary to intercept keystrokes on a system for a substantial period of time before credentials can be successfully captured. In order to increase the likelihood of capturing credentials quickly, an adversary may also perform actions such as clearing browser cookies to force users to reauthenticate to systems.
TA0011
Command and Control
The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim's network structure and defenses.
T1071.001
Web Protocols
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.