# More_eggs > Tipo: **malware** · S0284 · [MITRE ATT&CK](https://attack.mitre.org/software/S0284) ## Descrição [More_eggs](https://attack.mitre.org/software/S0284) é um backdoor JScript utilizado pelo [[g0080-cobalt-group|Cobalt Group]] e pelo [[g0037-fin6|FIN6]]. Seu nome foi atribuído com base na presença da variável "More_eggs" no código. Existem pelo menos duas versões diferentes do backdoor em uso: a versão 2.0 e a versão 4.4. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1016-001-internet-connection-discovery|T1016.001 - Internet Connection Discovery]] - [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscaté/Decode Files or Information]] - [[t1082-system-information-discovery|T1082 - System Information Discovery]] - [[t1071-001-web-protocols|T1071.001 - Web Protocols]] - [[t1573-001-symmetric-cryptography|T1573.001 - Symmetric Cryptography]] - [[t1059-003-windows-command-shell|T1059.003 - Windows Command Shell]] - [[t1027-013-encryptedencoded-file|T1027.013 - Encrypted/Encoded File]] - [[t1070-004-file-deletion|T1070.004 - File Deletion]] - [[t1016-system-network-configuration-discovery|T1016 - System Network Configuration Discovery]] - [[t1132-001-standard-encoding|T1132.001 - Standard Encoding]] - [[t1518-001-security-software-discovery|T1518.001 - Security Software Discovery]] - [[t1553-002-code-signing|T1553.002 - Code Signing]] - [[t1218-010-regsvr32|T1218.010 - Regsvr32]] - [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]] ## Grupos que Usam - [[g0120-evilnum|Evilnum]] - [[g0037-fin6|FIN6]] - [[g0080-cobalt-group|Cobalt Group]] ## Referências - [MITRE ATT&CK - S0284](https://attack.mitre.org/software/S0284)