クラス: Net-Worm
ネットワームはコンピュータネットワークを介して伝播します。この種のワームの特徴は、普及するためにユーザーの操作を必要としないことです。この種のワームは、通常、ネットワーク上のコンピュータ上で動作するソフトウェアの重大な脆弱性を検索します。ネットワーク上のコンピュータを感染させるために、ワームは特別に細工されたネットワークパケット(悪用と呼ばれます)を送信し、その結果ワームコード(またはワームコードの一部)が被害者のコンピュータに侵入して起動します。ネットワークパケットには、メインワームモジュールを含むファイルをダウンロードして実行するワームコードの部分しか含まれていないことがあります。一部のネットワークワームは、複数の攻撃を同時に使用して感染するため、犠牲者を見つける速度が向上します。プラットフォーム: Win32
Win32は、32ビットアプリケーションの実行をサポートするWindows NTベースのオペレーティングシステム(Windows XP、Windows 7など)上のAPIです。世界で最も広く普及しているプログラミングプラットフォームの1つです。ファミリー: Net-Worm.Win32.Aspxor
No family descriptionExamples
0B09F91C6A37927CBE483172139DFDBBC73E5B2CB5E73A9E5E30F00CB27ECF56
A1C56F833FD0FEAA4150B00AC78B102F
Tactics and Techniques: Mitre*
TA0002
Execution
The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
T1203
Exploitation for Client Execution
Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1036
Masquerading
Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
T1055
Process Injection
Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
T1055.012
Process Hollowing
Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses. Process hollowing is a method of executing arbitrary code in the address space of a separate live process.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.