Sınıf: Trojan-Downloader
Trojan-Downloader olarak sınıflandırılan programlar, kurban bilgisayarlarında Truva atları ve AdWare dahil olmak üzere kötü amaçlı programların yeni sürümlerini indirir ve yükler. İnternetten indirildikten sonra, programlar başlatıldığında veya işletim sistemi başlatıldığında otomatik olarak çalışacak programların listesine dahil edilir. İndirilen programların isimleri ve konumları ile ilgili bilgiler Truva kodunda ya da bir internet kaynağından (genellikle bir web sayfasından) Trojan tarafından indirilmektedir. Bu tür kötü amaçlı program, ziyaretçilerin ilk olarak, istismar içeren web sitelerine bulaşmasında kullanılır.Platform: Win32
Win32, 32-bit uygulamaların yürütülmesini destekleyen Windows NT tabanlı işletim sistemlerinde (Windows XP, Windows 7, vb.) Bir API'dir. Dünyanın en yaygın programlama platformlarından biri.Aile: Trojan-Downloader.Win32.Agent
No family descriptionExamples
5F094E176A9C337710D4B6746EF7A2C822BB607346E20CCC672D2E52C3AC1392
DDB443A8B36B6B02940C1B64E597543E
301F8247F2D015A80AE9BFA6707B298E
94DA108903DF75B296FE7F9B94858378
Tactics and Techniques: Mitre*
TA0006
Credential Access
The adversary is trying to steal account names and passwords.
Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.
Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.
T1539
Steal Web Session Cookie
An adversary may steal web application or service session cookies and use them to gain access to web applications or Internet services as an authenticated user without needing credentials. Web applications and services often use session cookies as an authentication token after a user has authenticated to a website.
Cookies are often valid for an extended period of time, even if the web application is not actively used. Cookies can be found on disk, in the process memory of the browser, and in network traffic to remote systems. Additionally, other applications on the targets machine might store sensitive authentication cookies in memory (e.g. apps which authenticate to cloud services). Session cookies can be used to bypasses some multi-factor authentication protocols.(Citation: Pass The Cookie)
There are several examples of malware targeting cookies from web browsers on the local system.(Citation: Kaspersky TajMahal April 2019)(Citation: Unit 42 Mac Crypto Cookies January 2019) There are also open source frameworks such as `Evilginx2` and `Muraena` that can gather session cookies through a malicious proxy (ex: Adversary-in-the-Middle) that can be set up by an adversary and used in phishing campaigns.(Citation: Github evilginx2)(Citation: GitHub Mauraena)
After an adversary acquires a valid cookie, they can then perform a Web Session Cookie technique to login to the corresponding web application.
Cookies are often valid for an extended period of time, even if the web application is not actively used. Cookies can be found on disk, in the process memory of the browser, and in network traffic to remote systems. Additionally, other applications on the targets machine might store sensitive authentication cookies in memory (e.g. apps which authenticate to cloud services). Session cookies can be used to bypasses some multi-factor authentication protocols.(Citation: Pass The Cookie)
There are several examples of malware targeting cookies from web browsers on the local system.(Citation: Kaspersky TajMahal April 2019)(Citation: Unit 42 Mac Crypto Cookies January 2019) There are also open source frameworks such as `Evilginx2` and `Muraena` that can gather session cookies through a malicious proxy (ex: Adversary-in-the-Middle) that can be set up by an adversary and used in phishing campaigns.(Citation: Github evilginx2)(Citation: GitHub Mauraena)
After an adversary acquires a valid cookie, they can then perform a Web Session Cookie technique to login to the corresponding web application.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.