# GrimAgent > Tipo: **malware** · S0632 · [MITRE ATT&CK](https://attack.mitre.org/software/S0632) ## Descrição [[s0632-grimagent|GrimAgent]] é um backdoor utilizado antes da implantação do ransomware [[s0446-ryuk|Ryuk]] desde pelo menos 2020; é provavelmente utilizado pelo [[g0037-fin6|FIN6]] e pelo [[g0102-conti-group|Wizard Spider]]. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1547-001-registry-run-keys-startup-folder|T1547.001 - Registry Run Keys / Startup Folder]] - [[t1059-003-windows-command-shell|T1059.003 - Windows Command Shell]] - [[t1053-005-scheduled-task|T1053.005 - Scheduled Task]] - [[t1005-data-from-local-system|T1005 - Data from Local System]] - [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]] - [[t1573-002-asymmetric-cryptography|T1573.002 - Asymmetric Cryptography]] - [[t1083-file-and-directory-discovery|T1083 - File and Directory Discovery]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1016-system-network-configuration-discovery|T1016 - System Network Configuration Discovery]] - [[t1132-001-standard-encoding|T1132.001 - Standard Encoding]] - [[t1573-001-symmetric-cryptography|T1573.001 - Symmetric Cryptography]] - [[t1106-native-api|T1106 - Native API]] - [[t1480-002-mutual-exclusion|T1480.002 - Mutual Exclusion]] - [[t1614-001-system-language-discovery|T1614.001 - System Language Discovery]] - [[t1497-003-time-based-checks|T1497.003 - Time Based Checks]] ## Grupos que Usam - [[g0037-fin6|FIN6]] - [[g0102-conti-group|Wizard Spider]] ## Referências - [MITRE ATT&CK - S0632](https://attack.mitre.org/software/S0632)