Класс: HackTool
Вносит в список разрешенных посетителей системы новых пользователей; чистит системные журналы для сокрытия следов присутствия злоумышленника в системе, анализирует и собирает сетевые пакеты для совершения злонамеренных действий и т.д. Может использоваться для организации атак на локальный или удаленный компьютер.Подробнее
Платформа: MSIL
MSIL (Microsoft Intermediate Language; новое название – CIL, Common Intermediate Language) – промежуточный язык, разработанный компанией Microsoft для платформы .NET Framework. Код на языке CIL генерируют все компиляторы .NET компании Microsoft, входящие в среду разработки Microsoft Visual Studio (Visual Basic .NET, Visual C++, Visual C# и другие).Семейство: HackTool.MSIL.RedTeamMaterials
Нет описания семействаПримеры
42F879A97F63A91DC4B292FBCB7EE81B107B00205DA709A4EC12884998F998B3
A52E569832FE4479B47B315EF1DC1EEA
AC1C72EF720BF21AEACCEB8E4B62F0DB
Тактики и Техники: Mitre*
TA0002
Execution
The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
T1203
Exploitation for Client Execution
Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.