Class: Worm
Worms spread on computer networks via network resources. Unlike Net-Worms, a user must launch a Worm in order for it to be activated. This kind of worm searches remote computer networks and copies itself to directories that are read/write accessible (if it finds any). Furthermore, these worms either use built-in operating system functions to search for accessible network directories and/or they randomly search for computers on the Internet, connect to them, and attempt to gain full access to the disks of these computers. This category also covers those worms which, for one reason or another, do not fit into any of the other categories defined above (e.g. worms for mobile devices).Read more
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports execution of 32-bit applications. One of the most widespread programming platforms in the world.Family: WBNA
No family descriptionExamples
4245AD78914042F04C6AA8BDA0F9D3C95045DD5814D1738B8C7078C7C2C6A8AA
4F1C2D686B169BE62216EA7CD64F078F
B13EF0635A7EFDDABBF8B371AA479D6E
9A553D242E6E2556E2423F0F4C7A4E6A
Tactics and Techniques: Mitre*
Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
* © 2025 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.