# IceApple > Tipo: **malware** · S1022 · [MITRE ATT&CK](https://attack.mitre.org/software/S1022) ## Descrição [[s1022-iceapple|IceApple]] é um framework modular de pós-exploração para Internet Information Services (IIS), em uso desde pelo menos 2021 contra os setores de tecnologia, acadêmico e governamental. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1016-system-network-configuration-discovery|T1016 - System Network Configuration Discovery]] - [[t1027-010-command-obfuscation|T1027.010 - Command Obfuscation]] - [[t1003-004-lsa-secrets|T1003.004 - LSA Secrets]] - [[t1036-005-match-legitimate-resource-name-or-location|T1036.005 - Match Legitimaté Resource Name or Location]] - [[t1070-004-file-deletion|T1070.004 - File Deletion]] - [[t1552-002-credentials-in-registry|T1552.002 - Credentials in Registry]] - [[t1041-exfiltration-over-c2-channel|T1041 - Exfiltration Over C2 Channel]] - [[t1505-004-iis-components|T1505.004 - IIS Components]] - [[t1005-data-from-local-system|T1005 - Data from Local System]] - [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscaté/Decode Files or Information]] - [[t1560-001-archive-via-utility|T1560.001 - Archive via Utility]] - [[t1620-reflective-code-loading|T1620 - Reflective Code Loading]] - [[t1056-003-web-portal-capture|T1056.003 - Web Portal Capture]] - [[t1071-001-web-protocols|T1071.001 - Web Protocols]] - [[t1082-system-information-discovery|T1082 - System Information Discovery]] ## Referências - [MITRE ATT&CK - S1022](https://attack.mitre.org/software/S1022)