# Mosquito > Tipo: **malware** · S0256 · [MITRE ATT&CK](https://attack.mitre.org/software/S0256) ## Descrição [[s0256-mosquito|Mosquito]] é um backdoor Win32 utilizado pelo [[g0010-turla|Turla]]. O [[s0256-mosquito|Mosquito]] é composto por três partes: o instalador, o launcher e o backdoor. O backdoor principal é denominado CommanderDLL e é iniciado pelo programa loader. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1047-windows-management-instrumentation|T1047 - Windows Management Instrumentation]] - [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]] - [[t1218-011-rundll32|T1218.011 - Rundll32]] - [[t1070-004-file-deletion|T1070.004 - File Deletion]] - [[t1573-001-symmetric-cryptography|T1573.001 - Symmetric Cryptography]] - [[t1518-001-security-software-discovery|T1518.001 - Security Software Discovery]] - [[t1059-001-powershell|T1059.001 - PowerShell]] - [[t1112-modify-registry|T1112 - Modify Registry]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1546-015-component-object-model-hijacking|T1546.015 - Component Object Model Hijacking]] - [[t1027-013-encryptedencoded-file|T1027.013 - Encrypted/Encoded File]] - [[t1057-process-discovery|T1057 - Process Discovery]] - [[t1016-system-network-configuration-discovery|T1016 - System Network Configuration Discovery]] - [[t1059-003-windows-command-shell|T1059.003 - Windows Command Shell]] - [[t1547-001-registry-run-keys-startup-folder|T1547.001 - Registry Run Keys / Startup Folder]] ## Grupos que Usam - [[g0010-turla|Turla]] ## Referências - [MITRE ATT&CK - S0256](https://attack.mitre.org/software/S0256)