クラス: P2P-Worm
P2Pワームは、ピアツーピアのファイル共有ネットワーク(Kazaa、Grokster、EDonkey、FastTrack、Gnutellaなど)を介して拡散します。これらのワームのほとんどは、比較的簡単な方法で動作します。P2Pネットワークに接続するには、通常、ローカルマシン上のファイル共有ディレクトリに自身をコピーするだけです。 P2Pネットワークはそれ以外の機能を果たします。ファイル検索を実行すると、ファイルをリモートユーザに通知し、感染したコンピュータからファイルをダウンロードできるサービスを提供します。また、特定のファイル共有システムのネットワークプロトコルを模倣し、検索クエリに積極的に応答する、より複雑なP2P-Wormsもあります。 P2P-Wormのコピーがマッチとして提供されます。プラットフォーム: Win32
Win32は、32ビットアプリケーションの実行をサポートするWindows NTベースのオペレーティングシステム(Windows XP、Windows 7など)上のAPIです。世界で最も広く普及しているプログラミングプラットフォームの1つです。ファミリー: P2P-Worm.Win32.Palevo
No family descriptionExamples
CCE8F29F4BAFA8A4A47487A3E2AEA1EETactics and Techniques: Mitre*
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1497.003
Time Based Evasion
Adversaries may employ various time-based methods to detect and avoid virtualization and analysis environments. This may include enumerating time-based properties, such as uptime or the system clock, as well as the use of timers or other triggers to avoid a virtual machine environment (VME) or sandbox, specifically those that are automated or only operate for a limited amount of time.
TA0006
Credential Access
The adversary is trying to steal account names and passwords. Credential Access consists of techniques for stealing credentials like account names and passwords. Techniques used to get credentials include keylogging or credential dumping. Using legitimate credentials can give adversaries access to systems, make them harder to detect, and provide the opportunity to create more accounts to help achieve their goals.
T1552.008
Chat Messages
Adversaries may directly collect unsecured credentials stored or passed through user communication services. Credentials may be sent and stored in user chat communication applications such as email, chat services like Slack or Teams, collaboration tools like Jira or Trello, and any other services that support user communication. Users may share various forms of credentials (such as usernames and passwords, API keys, or authentication tokens) on private or public corporate internal communications channels.
TA0007
Discovery
The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what's around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
T1497.003
Time Based Evasion
Adversaries may employ various time-based methods to detect and avoid virtualization and analysis environments. This may include enumerating time-based properties, such as uptime or the system clock, as well as the use of timers or other triggers to avoid a virtual machine environment (VME) or sandbox, specifically those that are automated or only operate for a limited amount of time.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.