クラス: Backdoor
バックドアは、悪意のあるユーザーが感染したコンピュータをリモートコントロールできるように設計されています。機能性の面では、バックドアはソフトウェア開発者が設計し配布する多くの管理システムに似ています。これらの種類の悪質なプログラムは、ファイルの送受信、ファイルの起動や削除、メッセージの表示、データの削除、コンピュータの再起動など、感染したコンピュータ上で必要な作業を可能にします。このカテゴリのプログラムは、被害者のコンピュータのグループを結びつけ、ボットネットまたはゾンビネットワークを形成するためです。これにより、悪意のあるユーザーは感染したコンピュータの軍隊を集中管理し、犯罪目的で使用することができます。 Net-Wormのように、ネットワークを介して拡散して他のコンピュータに感染することができるバックドアのグループもあります。違いは、このようなBackdoorは(Net-Wormのように)自動的に広がるのではなく、それらを制御する悪意のあるユーザーからの特別な「コマンド」に限られるということです。プラットフォーム: Win32
Win32は、32ビットアプリケーションの実行をサポートするWindows NTベースのオペレーティングシステム(Windows XP、Windows 7など)上のAPIです。世界で最も広く普及しているプログラミングプラットフォームの1つです。ファミリー: Backdoor.Win32.Sinowal
No family descriptionExamples
89AF4BB46AC88C97F893B9D7EECEDE7637D7E3DEE7BF2030D16CEDE186BB9E8B
502FDC295DACF85A1B38F3027CFA5372
A3925C4B4E9AB341489060A21165D90C
49AD297F046C4E5CD28847DE7936E810
Tactics and Techniques: Mitre*
TA0040
Impact
The adversary is trying to manipulate, interrupt, or destroy your systems and data.
Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries’ goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach.
Impact consists of techniques that adversaries use to disrupt availability or compromise integrity by manipulating business and operational processes. Techniques used for impact can include destroying or tampering with data. In some cases, business processes can look fine, but may have been altered to benefit the adversaries’ goals. These techniques might be used by adversaries to follow through on their end goal or to provide cover for a confidentiality breach.
T1561.002
Disk Wipe: Disk Structure Wipe
Adversaries may corrupt or wipe the disk data structures on a hard drive necessary to boot a system; targeting specific critical systems or in large numbers in a network to interrupt availability to system and network resources.
Adversaries may attempt to render the system unable to boot by overwriting critical data located in structures such as the master boot record (MBR) or partition table.(Citation: Symantec Shamoon 2012)(Citation: FireEye Shamoon Nov 2016)(Citation: Palo Alto Shamoon Nov 2016)(Citation: Kaspersky StoneDrill 2017)(Citation: Unit 42 Shamoon3 2018) The data contained in disk structures may include the initial executable code for loading an operating system or the location of the file system partitions on disk. If this information is not present, the computer will not be able to load an operating system during the boot process, leaving the computer unavailable. Disk Structure Wipe may be performed in isolation, or along with Disk Content Wipe if all sectors of a disk are wiped.
On a network devices, adversaries may reformat the file system using Network Device CLI commands such as `format`.(Citation: format_cmd_cisco)
To maximize impact on the target organization, malware designed for destroying disk structures may have worm-like features to propagate across a network by leveraging other techniques like Valid Accounts, OS Credential Dumping, and SMB/Windows Admin Shares.(Citation: Symantec Shamoon 2012)(Citation: FireEye Shamoon Nov 2016)(Citation: Palo Alto Shamoon Nov 2016)(Citation: Kaspersky StoneDrill 2017)
Adversaries may attempt to render the system unable to boot by overwriting critical data located in structures such as the master boot record (MBR) or partition table.(Citation: Symantec Shamoon 2012)(Citation: FireEye Shamoon Nov 2016)(Citation: Palo Alto Shamoon Nov 2016)(Citation: Kaspersky StoneDrill 2017)(Citation: Unit 42 Shamoon3 2018) The data contained in disk structures may include the initial executable code for loading an operating system or the location of the file system partitions on disk. If this information is not present, the computer will not be able to load an operating system during the boot process, leaving the computer unavailable. Disk Structure Wipe may be performed in isolation, or along with Disk Content Wipe if all sectors of a disk are wiped.
On a network devices, adversaries may reformat the file system using Network Device CLI commands such as `format`.(Citation: format_cmd_cisco)
To maximize impact on the target organization, malware designed for destroying disk structures may have worm-like features to propagate across a network by leveraging other techniques like Valid Accounts, OS Credential Dumping, and SMB/Windows Admin Shares.(Citation: Symantec Shamoon 2012)(Citation: FireEye Shamoon Nov 2016)(Citation: Palo Alto Shamoon Nov 2016)(Citation: Kaspersky StoneDrill 2017)
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.