Sınıf: Trojan-Dropper
Trojan-Dropper programları, kurban bilgisayarlarına kodlarının içerdiği kötü amaçlı programları gizlice yüklemek için tasarlanmıştır. Bu tip kötü amaçlı program genellikle bir dizi dosyayı kurbanın sürücüsüne (genellikle Windows dizinine, Windows sistem dizinine, geçici dizine vb.) Kaydeder ve bunları herhangi bir bildirimde bulunmadan başlatır (veya bir arşiv hatasıyla ilgili sahte bildirim ile) eski işletim sistemi sürümü, vb. Bu tür programlar hackerlar tarafından kullanılır: Trojan programlarını ve / veya virüsleri gizlice yüklemek, bilinen kötü amaçlı programları antivirüs çözümleri tarafından algılanmaktan korur; Tüm antivirüs programları bu tip Truva atlarının içindeki tüm bileşenleri tarayamaz.Platform: Win32
Win32, 32-bit uygulamaların yürütülmesini destekleyen Windows NT tabanlı işletim sistemlerinde (Windows XP, Windows 7, vb.) Bir API'dir. Dünyanın en yaygın programlama platformlarından biri.Aile: Trojan-Dropper.Win32.Sysn
No family descriptionExamples
CDFD8C9246B9156F3BC9736AAA4AAC53Tactics and Techniques: Mitre*
TA0002
Execution
The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
T1204.002
Malicious File
An adversary may rely upon a user opening a malicious file in order to gain execution. Users may be subjected to social engineering to get them to open a file that will lead to code execution. This user action will typically be observed as follow-on behavior from Spearphishing Attachment. Adversaries may use several types of files that require a user to execute them, including .doc, .pdf, .xls, .rtf, .scr, .exe, .lnk, .pif, .cpl, and .reg.
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1036.005
Match Legitimate Resource Name or Location
Adversaries may match or approximate the name or location of legitimate files, Registry keys, or other resources when naming/placing them. This is done for the sake of evading defenses and observation.
T1140
Deobfuscate/Decode Files or Information
Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
TA0011
Command and Control
The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim's network structure and defenses.
T1071.001
Web Protocols
Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
T1568
Dynamic Resolution
Adversaries may dynamically establish connections to command and control infrastructure to evade common detections and remediations. This may be achieved by using malware that shares a common algorithm with the infrastructure the adversary uses to receive the malware's communications. These calculations can be used to dynamically adjust parameters such as the domain name, IP address, or port number the malware uses for command and control.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.