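Class: Worm
Worms spread across computer networks through network resources. Unlike Net-Worms, a user must launch a Worm for it to be activated. This kind of worm searches remote computer networks and copies itself to directories that are readable and writable (if it finds any). In addition, these worms use built-in operating system functions to search for accessible network directories, randomly search for computers on the Internet, connect to them, and attempt to gain full access to the disks of those computers. This category also includes worms that, for one reason or another, do not fit into any of the other categories defined above (for example, worms for mobile devices).
Platform: Win32
Win32 is an API on Windows NT-based operating systems (Windows XP, Windows 7, etc.) that supports the execution of 32-bit applications. It is one of the most widespread programming platforms in the world.
Family: Worm.Win32.Pajetbin
No family description
Examples
BCB156700B59B790510ACCD9887E3776
Tactics and Techniques: Mitre*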
TA0004
Privilege Escalation
The adversary is trying to gain higher-level permissions. Privilege Escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Adversaries can often enter and explore a network with unprivileged access but require elevated permissions to follow through on their objectives. Common approaches are to take advantage of system weaknesses, misconfigurations, and vulnerabilities. Examples of elevated access include: SYSTEM/root level, local administrator, user account with admin-like access, user accounts with access to specific system or perform specific function. These techniques often overlap with Persistence techniques, as OS features that let an adversary persist can execute in an elevated context.
T1134
Access Token Manipulation
Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1134
Access Token Manipulation
Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.