Класс: HackTool
Вносит в список разрешенных посетителей системы новых пользователей; чистит системные журналы для сокрытия следов присутствия злоумышленника в системе, анализирует и собирает сетевые пакеты для совершения злонамеренных действий и т.д. Может использоваться для организации атак на локальный или удаленный компьютер.Подробнее
Платформа: Win32
Win32 - платформа, управляемая операционной системой на базе Windows NT (Windows XP, Windows 7 и т.д.), позволяющей исполнять 32-битные приложения. В настоящее время данная платформа является одной из наиболее распространенных.Семейство: HackTool.Win32.AmsiETWPatch
Нет описания семействаПримеры
CFB13A92F5D99584B6687D348310567793CC3A0925ACB44FF99A17555C2F742D
E01B4A68A97902AD104619E15587DBBB
167065E328F4C66F67BD3CF46FA78A95
9258FE6F6B9562489AD65A030C3D9E4A
Тактики и Техники: Mitre*
TA0011
Command and Control
The adversary is trying to communicate with compromised systems to control them.
Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.
Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.
T1568
Dynamic Resolution
Adversaries may dynamically establish connections to command and control infrastructure to evade common detections and remediations. This may be achieved by using malware that shares a common algorithm with the infrastructure the adversary uses to receive the malware's communications. These calculations can be used to dynamically adjust parameters such as the domain name, IP address, or port number the malware uses for command and control.
Adversaries may use dynamic resolution for the purpose of Fallback Channels. When contact is lost with the primary command and control server malware may employ dynamic resolution as a means to reestablishing command and control.(Citation: Talos CCleanup 2017)(Citation: FireEye POSHSPY April 2017)(Citation: ESET Sednit 2017 Activity)
Adversaries may use dynamic resolution for the purpose of Fallback Channels. When contact is lost with the primary command and control server malware may employ dynamic resolution as a means to reestablishing command and control.(Citation: Talos CCleanup 2017)(Citation: FireEye POSHSPY April 2017)(Citation: ESET Sednit 2017 Activity)
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.