Sınıf: Worm
Solucanlar bilgisayar ağlarına ağ kaynakları üzerinden yayıldı. Net-Worms'tan farklı olarak, kullanıcının aktif hale getirilmesi için bir solucan başlatması gerekir. Bu tür bir solucan, uzaktaki bilgisayar ağlarını arar ve okuduğunu / yazabileceği dizinleri (varsa) bulur. Ayrıca, bu solucanlar ya erişilebilir ağ dizinlerini aramak için yerleşik işletim sistemi işlevlerini kullanır ve / veya Internet'teki bilgisayarları rasgele aramaya, onlara bağlanmaya ve bu bilgisayarların disklerine tam erişim elde etmeye çalışırlar. Bu kategori aynı zamanda, bir sebepten ötürü, yukarıda tanımlanan diğer kategorilerden herhangi birine uymayan solucanları da kapsar (örneğin, mobil cihazlar için solucanlar).Platform: Win32
Win32, 32-bit uygulamaların yürütülmesini destekleyen Windows NT tabanlı işletim sistemlerinde (Windows XP, Windows 7, vb.) Bir API'dir. Dünyanın en yaygın programlama platformlarından biri.Aile: Worm.Win32.Cridex
No family descriptionExamples
1370F5580955623A34AB2152A4790C15Tactics and Techniques: Mitre*
TA0010
Exfiltration
The adversary is trying to steal data. Exfiltration consists of techniques that adversaries may use to steal data from your network. Once they've collected data, adversaries often package it to avoid detection while removing it. This can include compression and encryption. Techniques for getting data out of a target network typically include transferring it over their command and control channel or an alternate channel and may also include putting size limits on the transmission.
T1567
Exfiltration Over Web Service
Adversaries may use an existing, legitimate external Web service to exfiltrate data rather than their primary command and control channel. Popular Web services acting as an exfiltration mechanism may give a significant amount of cover due to the likelihood that hosts within a network are already communicating with them prior to compromise. Firewall rules may also already exist to permit traffic to these services.
TA0011
Command and Control
The adversary is trying to communicate with compromised systems to control them. Command and Control consists of techniques that adversaries may use to communicate with systems under their control within a victim network. Adversaries commonly attempt to mimic normal, expected traffic to avoid detection. There are many ways an adversary can establish command and control with various levels of stealth depending on the victim's network structure and defenses.
T1095
Non-Application Layer Protocol
Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive. Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
T1102.002
Bidirectional Communication
Adversaries may use an existing, legitimate external Web service as a means for sending commands to and receiving output from a compromised system over the Web service channel. Compromised systems may leverage popular websites and social media to host command and control (C2) instructions. Those infected systems can then send the output from those commands back over that Web service channel. The return traffic may occur in a variety of ways, depending on the Web service being utilized. For example, the return traffic may take the form of the compromised system posting a comment on a forum, issuing a pull request to development project, updating a document hosted on a Web service, or by sending a Tweet.
* © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.