クラス: Trojan
ユーザーの活動を電子的に偵察する(キーボード入力の傍受、スクリーンショットの取得、アクティブなアプリケーションのリストの取得など)ために設計された悪質なプログラム。収集された情報は、電子メール、FTP、およびHTTP(リクエストでデータを送信すること)を含むさまざまな手段によってサイバー犯罪者に送信されます。プラットフォーム: Win32
Win32は、32ビットアプリケーションの実行をサポートするWindows NTベースのオペレーティングシステム(Windows XP、Windows 7など)上のAPIです。世界で最も広く普及しているプログラミングプラットフォームの1つです。ファミリー: Trojan.Win32.Diztakun
No family descriptionExamples
73CBE23A01CA9D514175D63EBD36EEFEF01550CBE57EA96862B8D093822E9FC1
5AB39300ED8A1EA290DA1282717859BC
76FA4A0CC386B228788DA56BAE596B26
B0B620CC5BFC918F3FB44FD589FD997B
Tactics and Techniques: Mitre*
TA0007
Discovery
The adversary is trying to figure out your environment.
Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
T1124
System Time Discovery
An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network. (Citation: MSDN System Time)(Citation: Technet Windows Time Service)
System time information may be gathered in a number of ways, such as with Net on Windows by performing
On network devices, Network Device CLI commands such as `show clock detail` can be used to see the current time configuration.(Citation: show_clock_detail_cisco_cmd)
This information could be useful for performing other techniques, such as executing a file with a Scheduled Task/Job(Citation: RSA EU12 They're Inside), or to discover locality information based on time zone to assist in victim targeting (i.e. System Location Discovery). Adversaries may also use knowledge of system time as part of a time bomb, or delaying execution until a specified date/time.(Citation: AnyRun TimeBomb)
System time information may be gathered in a number of ways, such as with Net on Windows by performing
net time \\hostname to gather the system time on a remote system. The victim's time zone may also be inferred from the current system time or gathered by using w32tm /tz.(Citation: Technet Windows Time Service)On network devices, Network Device CLI commands such as `show clock detail` can be used to see the current time configuration.(Citation: show_clock_detail_cisco_cmd)
This information could be useful for performing other techniques, such as executing a file with a Scheduled Task/Job(Citation: RSA EU12 They're Inside), or to discover locality information based on time zone to assist in victim targeting (i.e. System Location Discovery). Adversaries may also use knowledge of system time as part of a time bomb, or delaying execution until a specified date/time.(Citation: AnyRun TimeBomb)
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.