# Backdoor.Oldrea > Tipo: **malware** · S0093 · [MITRE ATT&CK](https://attack.mitre.org/software/S0093) ## Descrição [[s0093-backdooroldrea|Backdoor.Oldrea]] é um backdoor modular utilizado pelo [[g0035-dragonfly|Dragonfly]] contra empresas de energia desde pelo menos 2013. [[s0093-backdooroldrea|Backdoor.Oldrea]] foi distribuído por meio de comprometimento da cadeia de suprimentos e incluía módulos especializados para enumerar e mapear sistemas, processos e protocolos específicos de ICS. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1547-001-registry-run-keys-startup-folder|T1547.001 - Registry Run Keys / Startup Folder]] - [[t1046-network-service-discovery|T1046 - Network Service Discovery]] - [[t1070-004-file-deletion|T1070.004 - File Deletion]] - [[t1016-system-network-configuration-discovery|T1016 - System Network Configuration Discovery]] - [[t1218-011-rundll32|T1218.011 - Rundll32]] - [[t1055-process-injection|T1055 - Process Injection]] - [[t1132-001-standard-encoding|T1132.001 - Standard Encoding]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1087-003-email-account|T1087.003 - Email Account]] - [[t1560-archive-collected-data|T1560 - Archive Collected Data]] - [[t1555-003-credentials-from-web-browsers|T1555.003 - Credentials from Web Browsers]] - [[t1057-process-discovery|T1057 - Process Discovery]] - [[t1083-file-and-directory-discovery|T1083 - File and Directory Discovery]] - [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]] - [[t1018-remote-system-discovery|T1018 - Remote System Discovery]] ## Grupos que Usam - [[g0035-dragonfly|Dragonfly]] ## Referências - [MITRE ATT&CK - S0093](https://attack.mitre.org/software/S0093)