クラス: Exploit
エクスプロイトとは、悪意のある目的のためにローカルコンピュータまたはリモートコンピュータ上で実行されているソフトウェアの1つまたは複数の脆弱性を利用するデータまたは実行可能コードを含むプログラムです。多くの場合、悪意のあるユーザーは、悪意のあるコードをインストールするために(たとえば、悪意のあるプログラムを使用して侵害されたWebサイトにすべての訪問者を感染させるために)被害者のコンピュータに侵入するための攻撃を利用します。さらに、悪意のあるコンピューティングは、ユーザから何も要求されずに被害者のコンピュータをハックするためにNet-Wormsによって一般に使用されます。 Nukerのプログラムは悪用のなかでも注目に値する。そのようなプログラムは特別に細工された要求をローカルまたはリモートのコンピュータに送信し、システムがクラッシュする原因となります。プラットフォーム: Win32
Win32は、32ビットアプリケーションの実行をサポートするWindows NTベースのオペレーティングシステム(Windows XP、Windows 7など)上のAPIです。世界で最も広く普及しているプログラミングプラットフォームの1つです。ファミリー: Exploit.Win32.ChecksumController
No family descriptionExamples
1F60683A538F13F83FEB4C28547DD644Tactics and Techniques: Mitre*
TA0002
Execution
The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
T1059.001
PowerShell
Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system. Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the
Start-Process cmdlet which can be used to run an executable and the Invoke-Command cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems). TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1036.003
Rename Legitimate Utilities
Adversaries may rename legitimate / system utilities to try to evade security mechanisms concerning the usage of those utilities. Security monitoring and control mechanisms may be in place for legitimate utilities adversaries are capable of abusing, including both built-in binaries and tools such as PSExec, AutoHotKey, and IronPython. It may be possible to bypass those security mechanisms by renaming the utility prior to utilization (ex: rename
rundll32.exe). An alternative case occurs when a legitimate utility is copied or moved to a different directory and renamed to avoid detections based on these utilities executing from non-standard paths. * © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.