Sınıf: Net-Worm
Net-Worms bilgisayar ağları yoluyla yayılır. Bu tür solucanın ayırt edici özelliği, yayılmak için kullanıcı eylemi gerektirmemesidir. Bu tür solucan genellikle ağdaki bilgisayarlarda çalışan yazılımlardaki kritik güvenlik açıklarını arar. Ağdaki bilgisayarları enfekte etmek için, solucan özel hazırlanmış bir ağ paketi (istismar olarak adlandırılır) gönderir ve bunun sonucunda solucan kodu (veya solucan kodunun bir kısmı) kurbanın bilgisayarına nüfuz eder ve aktive olur. Bazen ağ paketi, ana solucan modülünü içeren bir dosyayı indirip çalıştıracak olan solucan kodunun yalnızca bir kısmını içerir. Bazı ağ solucanları, yayılmak için eş zamanlı olarak birkaç istismar kullanır, böylece kurbanların bulunduğu hızı arttırır.Platform: Win32
Win32, 32-bit uygulamaların yürütülmesini destekleyen Windows NT tabanlı işletim sistemlerinde (Windows XP, Windows 7, vb.) Bir API'dir. Dünyanın en yaygın programlama platformlarından biri.Aile: Net-Worm.Win32.Aspxor
No family descriptionExamples
0B09F91C6A37927CBE483172139DFDBBC73E5B2CB5E73A9E5E30F00CB27ECF56
A1C56F833FD0FEAA4150B00AC78B102F
Tactics and Techniques: Mitre*
TA0002
Execution
The adversary is trying to run malicious code. Execution consists of techniques that result in adversary-controlled code running on a local or remote system. Techniques that run malicious code are often paired with techniques from all other tactics to achieve broader goals, like exploring a network or stealing data. For example, an adversary might use a remote access tool to run a PowerShell script that does Remote System Discovery.
T1203
Exploitation for Client Execution
Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
TA0005
Defense Evasion
The adversary is trying to avoid being detected. Defense Evasion consists of techniques that adversaries use to avoid detection throughout their compromise. Techniques used for defense evasion include uninstalling/disabling security software or obfuscating/encrypting data and scripts. Adversaries also leverage and abuse trusted processes to hide and masquerade their malware. Other tactics' techniques are cross-listed here when those techniques include the added benefit of subverting defenses.
T1036
Masquerading
Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
T1055
Process Injection
Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
T1055.012
Process Hollowing
Adversaries may inject malicious code into suspended and hollowed processes in order to evade process-based defenses. Process hollowing is a method of executing arbitrary code in the address space of a separate live process.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.