Computer networks and industrial systems are always under cyber threat and attack. Existing vulnerabilities in different parts of systems have given cyber attackers the opportunity to think about attacking, damaging or hindering the working process of important infrastructures of the country. Figuring out these threats and weak points which are used by malwares like Trojans, considering the evolution of used techniques for preventing identification and ways to identify, is a big challenge. Having a destructive hierarchy can help identification and risk mitigation strategies. In this paper, we have analyzed a hierarchy based on characteristics of remote-controlled malwares using 477 Trojans collected from real-world samples, using different methods of assessment. The carried out analysis used one of the popular models for identifying cyber threats named Cyber Kill Chain. We proposed a hierarchy based on dataset sample in different stage of malware lifecycle.