Sınıf: Hoax
Bir aldatmaca, bir virüs veya başka bir zararlı kod parçası hakkında sahte bir uyarıdır. Tipik olarak bir aldatmaca, tehlikeli yeni bir virüsün okuyucusunu uyaran ve okuyucunun mesajı ilettiğini ileri süren bir e-posta mesajı biçiminde olur. Aldatmacalar kendilerine zarar vermez, fakat iyi niyetli kullanıcılar tarafından dağıtımı genellikle korku ve belirsizliğe neden olur. Çoğu virüsten koruma yazılımı satıcıları web sitelerinde aldatmaca bilgileri içerir ve uyarı mesajlarını iletmeden önce her zaman kontrol edilmesi önerilir.Platform: Win32
Win32, 32-bit uygulamaların yürütülmesini destekleyen Windows NT tabanlı işletim sistemlerinde (Windows XP, Windows 7, vb.) Bir API'dir. Dünyanın en yaygın programlama platformlarından biri.Aile: Hoax.Win32.ArchSMS
No family descriptionExamples
E8B38801C0E9042A6604C7448CC6E5B0DCFC2EF9C03D884732A05136F5DBC761
65E52505C933712D98E687E25A6AE1F0
D6322A2ED2B33389D7DA447C466B97C5
59091D0B93A5C56A4AAFBEDE3F005E73
Tactics and Techniques: Mitre*
TA0002
Execution
The adversary is trying to run malicious code.
Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
T1203
Exploitation for Client Execution
Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Several types exist:
### Browser-based Exploitation
Web browsers are a common target through Drive-by Compromise and Spearphishing Link. Endpoint systems may be compromised through normal web browsing or from certain users being targeted by links in spearphishing emails to adversary controlled sites used to exploit the web browser. These often do not require an action by the user for the exploit to be executed.
### Office Applications
Common office and productivity applications such as Microsoft Office are also targeted through Phishing. Malicious files will be transmitted directly as attachments or through links to download them. These require the user to open the document or file for the exploit to run.
### Common Third-party Applications
Other applications that are commonly seen or are part of the software deployed in a target network may also be used for exploitation. Applications such as Adobe Reader and Flash, which are common in enterprise environments, have been routinely targeted by adversaries attempting to gain access to systems. Depending on the software and nature of the vulnerability, some may be exploited in the browser or require the user to open a file. For instance, some Flash exploits have been delivered as objects within Microsoft Office documents.
Several types exist:
### Browser-based Exploitation
Web browsers are a common target through Drive-by Compromise and Spearphishing Link. Endpoint systems may be compromised through normal web browsing or from certain users being targeted by links in spearphishing emails to adversary controlled sites used to exploit the web browser. These often do not require an action by the user for the exploit to be executed.
### Office Applications
Common office and productivity applications such as Microsoft Office are also targeted through Phishing. Malicious files will be transmitted directly as attachments or through links to download them. These require the user to open the document or file for the exploit to run.
### Common Third-party Applications
Other applications that are commonly seen or are part of the software deployed in a target network may also be used for exploitation. Applications such as Adobe Reader and Flash, which are common in enterprise environments, have been routinely targeted by adversaries attempting to gain access to systems. Depending on the software and nature of the vulnerability, some may be exploited in the browser or require the user to open a file. For instance, some Flash exploits have been delivered as objects within Microsoft Office documents.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.