Класс: Worm
Размножается в компьютерных сетях через сетевые ресурсы или съемные носители. В отличие от Net-Worm, чтобы Worm активировался, пользователь должен запустить его. Черви этого типа ищут в сети удаленные компьютеры и копируют себя в каталоги, открытые на чтение и запись (если такие обнаружены). При этом такие черви или перебирают доступные сетевые каталоги, используя функции операционной системы, и/или случайным образом ищут компьютеры в интернете, подключаются к ним и пытаются открыть их диски для полного доступа. Также к данному типу червей относятся черви, которые по тем или иным причинам нельзя отнести ни к одному из вышеописанных классов (например, мобильные черви).Подробнее
Платформа: Win32
Win32 - платформа, управляемая операционной системой на базе Windows NT (Windows XP, Windows 7 и т.д.), позволяющей исполнять 32-битные приложения. В настоящее время данная платформа является одной из наиболее распространенных.Семейство: Worm.Win32.Zombaque
Нет описания семействаПримеры
400D90DC937626339025F0B95447840970AEFB1233637076F32E82489AC7889E
F274403CFA74A3BA9A8427D3577EAD03
774DC0D75431B68F3D8A4ED6396DB94E
77B7B65C62BB73B45C3407BC1B6AEDD4
Тактики и Техники: Mitre*
TA0007
Discovery
The adversary is trying to figure out your environment. Discovery consists of techniques an adversary may use to gain knowledge about the system and internal network. These techniques help adversaries observe the environment and orient themselves before deciding how to act. They also allow adversaries to explore what they can control and what's around their entry point in order to discover how it could benefit their current objective. Native operating system tools are often used toward this post-compromise information-gathering objective.
T1046
Network Service Discovery
Adversaries may attempt to get a listing of services running on remote hosts and local network infrastructure devices, including those that may be vulnerable to remote software exploitation. Common methods to acquire this information include port, vulnerability, and/or wordlist scans using tools that are brought onto a system.
TA0009
Collection
The adversary is trying to gather data of interest to their goal. Collection consists of techniques adversaries may use to gather information and the sources information is collected from that are relevant to following through on the adversary's objectives. Frequently, the next goal after collecting data is to steal (exfiltrate) the data. Common target sources include various drive types, browsers, audio, video, and email. Common collection methods include capturing screenshots and keyboard input.
T1113
Screen Capture
Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as
CopyFromScreen, xwd, or screencapture. TA0011
Command and Control
The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim's network structure and defenses.
T1095
Non-Application Layer Protocol
Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive. Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.