Класс: Trojan-Downloader
Предназначены для загрузки и установки на компьютер-жертву новых версий вредоносных программ, установки троянцев или рекламных систем. Загруженные из интернета программы затем либо запускаются на выполнение, либо включаются в список программ, запускаемых при старте операционной системы. Информация об именах и расположении загружаемых программ содержится в коде и данных троянца или скачивается троянцем с управляющего интернет-ресурса (обычно с веб-страницы). Данный тип вредоносных программ в последнее время стал часто использоваться для первоначального заражения посетителей зараженных web-страниц, содержащих эксплойты.Подробнее
Платформа: Win32
Win32 - платформа, управляемая операционной системой на базе Windows NT (Windows XP, Windows 7 и т.д.), позволяющей исполнять 32-битные приложения. В настоящее время данная платформа является одной из наиболее распространенных.Семейство: Trojan-Downloader.Win32.FlyStudio
Нет описания семействаПримеры
A1A6470853DFFDCDC3F330C554B7BEF68DF4E3772D8B5DD26CDA8525AB178C45
94DE3FFDA27E3618D253431E2142101C
9AE00714A006486D5BB27BD825C82D24
6D23171E796FE6CAABDB5DF3AD92E518
Тактики и Техники: Mitre*
TA0002
Execution
The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
T1204.002
Malicious File
An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, .cpl, and .reg.
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1112
Modify Registry
Adversaries may interact with the Windows Registry as part of a variety of other techniques to aid in defense evasion, persistence, and execution.
TA0009
Collection
The adversary is trying to gather data of interest to their goal. Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to steal (exfiltrate) the data. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input.
T1185
Browser Session Hijacking
Adversaries may take advantage of security vulnerabilities and inherent functionality in browser software to change content, modify user-behaviors, and intercept information as part of various browser session hijacking techniques.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.