# Gomir > Tipo: **malware** · S1198 · [MITRE ATT&CK](https://attack.mitre.org/software/S1198) ## Descrição Gomir é uma variante de backdoor Linux do malware baseado em Go [[s1197-gobear|GoBear]], exclusivamente associada às operações do grupo [[g0094-kimsuky|Kimsuky]]. **Plataformas:** Linux ## Técnicas Utilizadas - [[t1573-encrypted-channel|T1573 - Encrypted Channel]] - [[t1543-002-systemd-service|T1543.002 - Systemd Service]] - [[t1018-remote-system-discovery|T1018 - Remote System Discovery]] - [[t1132-001-standard-encoding|T1132.001 - Standard Encoding]] - [[t1053-003-cron|T1053.003 - Cron]] - [[t1059-004-unix-shell|T1059.004 - Unix Shell]] - [[t1071-001-web-protocols|T1071.001 - Web Protocols]] - [[t1090-001-internal-proxy|T1090.001 - Internal Proxy]] - [[t1083-file-and-directory-discovery|T1083 - File and Directory Discovery]] - [[t1016-system-network-configuration-discovery|T1016 - System Network Configuration Discovery]] - [[t1082-system-information-discovery|T1082 - System Information Discovery]] - [[t1069-001-local-groups|T1069.001 - Local Groups]] - [[t1070-004-file-deletion|T1070.004 - File Deletion]] - [[t1573-002-asymmetric-cryptography|T1573.002 - Asymmetric Cryptography]] ## Grupos que Usam - [[g0094-kimsuky|Kimsuky]] ## Referências - [MITRE ATT&CK - S1198](https://attack.mitre.org/software/S1198)