Searching
..

Click anywhere to stop

Worm.Win32.Zombaque.a

Class Worm
Platform Win32
Family Zombaque
Full name Worm.Win32.Zombaque.a
Examples 78B29020EAB3B54682C2110DF7951BD3
01F1AAAB21FA4069BD049BB5DB86C4CC
C79014374F2A152E9D95C63D0906334D
020F0078F8A49492C2847CD451A07FA4
3ED3E89FDBABE36F58F14650E5B93238
Updated at 2024-01-16 17:01:26
Tactics &
techniques MITRE*

TA0011 Command and Control

The adversary is trying to communicate with compromised systems to control them.


Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim’s network structure and defenses.


T1095 Non-Application Layer Protocol

Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.(Citation: Wikipedia OSI) Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).

ICMP communication between hosts is one example.(Citation: Cisco Synful Knock Evolution) Because ICMP is part of the Internet Protocol Suite, it is required to be implemented by all IP-compatible hosts.(Citation: Microsoft ICMP) However, it is not as commonly monitored as other Internet Protocols such as TCP or UDP and may be used by adversaries to hide communications.
* © 2024 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.
Find out the statistics of the threats spreading in your region