# Small Sieve > Tipo: **malware** · S1035 · [MITRE ATT&CK](https://attack.mitre.org/software/S1035) ## Descrição [[s1035-small-sieve|Small Sieve]] é um backdoor Python baseado na API do Telegram Bot, distribuído por meio de um instalador Nullsoft Scriptable Install System (NSIS); utilizado pelo [[g0069-mango-sandstorm|MuddyWater]] desde pelo menos janeiro de 2022. Pesquisadores de segurança também observaram o uso do [[s1035-small-sieve|Small Sieve]] pelo UNC3313, que pode estar associado ao [[g0069-mango-sandstorm|MuddyWater]]. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1059-003-windows-command-shell|T1059.003 - Windows Command Shell]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1132-002-non-standard-encoding|T1132.002 - Non-Standard Encoding]] - [[t1480-execution-guardrails|T1480 - Execution Guardrails]] - [[t1016-system-network-configuration-discovery|T1016 - System Network Configuration Discovery]] - [[t1573-002-asymmetric-cryptography|T1573.002 - Asymmetric Cryptography]] - [[t1059-006-python|T1059.006 - Python]] - [[t1547-001-registry-run-keys-startup-folder|T1547.001 - Registry Run Keys / Startup Folder]] - [[t1036-005-match-legitimate-resource-name-or-location|T1036.005 - Match Legitimaté Resource Name or Location]] - [[t1027-obfuscated-files-or-information|T1027 - Obfuscated Files or Information]] - [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]] - [[t1102-002-bidirectional-communication|T1102.002 - Bidirectional Commúnication]] - [[t1071-001-web-protocols|T1071.001 - Web Protocols]] ## Grupos que Usam - [[g0069-mango-sandstorm|MuddyWater]] ## Referências - [MITRE ATT&CK - S1035](https://attack.mitre.org/software/S1035)