Clase: Trojan-Downloader
Los programas clasificados como Trojan-Downloader descargan e instalan nuevas versiones de programas maliciosos, incluidos troyanos y AdWare, en las computadoras de las víctimas. Una vez descargados de Internet, los programas se inician o se incluyen en una lista de programas que se ejecutarán automáticamente cuando se inicie el sistema operativo. La información sobre los nombres y las ubicaciones de los programas que se descargan se encuentran en el código troyano, o se descargan del troyano desde un recurso de Internet (generalmente una página web). Este tipo de programa malicioso se utiliza con frecuencia en la infección inicial de visitantes de sitios web que contienen exploits.Más información
Plataforma: VBS
Visual Basic Scripting Edition (VBScript) es un lenguaje de scripts interpretado por Windows Script Host. VBScript es ampliamente utilizado para crear scripts en sistemas operativos Microsoft Windows.Familia: Trojan-Downloader.VBS.Small
No family descriptionExamples
A2F91CF22C3BAE651D053EA68AE148FDD2D7F8102ACDD3084620FAB9086AA81F
55E2C1814CA443F628A1872A41298C15
F703591EDFB85D79754DA5C7F8617386
A0DACF3267B5CE6D8F4056EACAA076D3
Tactics and Techniques: Mitre*
TA0007
Discovery
The adversary is trying to figure out your environment.
Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what’s around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
T1082
System Information Discovery
An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tools such as Systeminfo can be used to gather detailed system information. If running with privileged access, a breakdown of system data can be gathered through the
Infrastructure as a Service (IaaS) cloud providers such as AWS, GCP, and Azure allow access to instance and virtual machine information via APIs. Successful authenticated API calls can return data such as the operating system platform and status of a particular instance or the model view of a virtual machine.(Citation: Amazon Describe Instance)(Citation: Google Instances Resource)(Citation: Microsoft Virutal Machine API)
Tools such as Systeminfo can be used to gather detailed system information. If running with privileged access, a breakdown of system data can be gathered through the
systemsetup configuration tool on macOS. As an example, adversaries with user-level access can execute the df -aH command to obtain currently mounted disks and associated freely available space. Adversaries may also leverage a Network Device CLI on network devices to gather detailed system information (e.g. show version).(Citation: US-CERT-TA18-106A) System Information Discovery combined with information gathered from other forms of discovery and reconnaissance can drive payload development and concealment.(Citation: OSX.FairyTale)(Citation: 20 macOS Common Tools and Techniques)Infrastructure as a Service (IaaS) cloud providers such as AWS, GCP, and Azure allow access to instance and virtual machine information via APIs. Successful authenticated API calls can return data such as the operating system platform and status of a particular instance or the model view of a virtual machine.(Citation: Amazon Describe Instance)(Citation: Google Instances Resource)(Citation: Microsoft Virutal Machine API)
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.