Class: Worm
Worms spread on computer networks via network resources. Unlike Net-Worms, a user must launch a Worm in order for it to be activated. This kind of worm searches remote computer networks and copies itself to directories that are read/write accessible (if it finds any). Furthermore, these worms either use built-in operating system functions to search for accessible network directories and/or they randomly search for computers on the Internet, connect to them, and attempt to gain full access to the disks of these computers. This category also covers those worms which, for one reason or another, do not fit into any of the other categories defined above (e.g. worms for mobile devices).Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: WBNA
No family descriptionExamples
B6E5432024F0B4D880BF1C92E9C4EE957ED06BB432D4DCBD24926B806E3D2376
B23AA3A8C4A74C77BDC0BD7A0CDA927A
C8D5264694913252171DED512F7424B3
E21EB44EF3C58B54F318B4B58C4DBAD2
Tactics and Techniques: Mitre*
Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.