クラス: Trojan
ユーザーの活動を電子的に偵察する(キーボード入力の傍受、スクリーンショットの取得、アクティブなアプリケーションのリストの取得など)ために設計された悪質なプログラム。収集された情報は、電子メール、FTP、およびHTTP(リクエストでデータを送信すること)を含むさまざまな手段によってサイバー犯罪者に送信されます。プラットフォーム: MSIL
Common Intermediate Language(旧称Microsoft Intermediate Language、またはMSIL)は、Microsoftが.NET Framework用に開発した中間言語です。 CILコードは、Microsoft Visual Studio(Visual Basic .NET、Visual C ++、Visual C#など)のすべてのMicrosoft .NETコンパイラによって生成されます。ファミリー: Trojan.MSIL.BypassUAC
No family descriptionExamples
1571201B6B5717A8A02D2260CF4689F7Tactics and Techniques: Mitre*
TA0004
Privilege Escalation
The adversary is trying to gain higher-level permissions. Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include: SYSTEM/root level, local administrator, user account with admin-like access, user accounts with access to specific system or perform specific function. These techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.
T1134
Access Token Manipulation
Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1134
Access Token Manipulation
Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.