# zwShell > Tipo: **malware** · S0350 · [MITRE ATT&CK](https://attack.mitre.org/software/S0350) ## Descrição [[s0350-zwshell|zwShell]] é uma ferramenta de acesso remoto (RAT) escrita em Delphi, observada em atividade desde a primavera de 2010 e utilizada por atores de ameaça durante a operação [[night-dragon|Night Dragon]]. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1021-001-remote-desktop-protocol|T1021.001 - Remote Desktop Protocol]] - [[t1021-002-smbwindows-admin-shares|T1021.002 - SMB/Windows Admin Shares]] - [[t1053-005-scheduled-task|T1053.005 - Scheduled Task]] - [[t1543-003-windows-service|T1543.003 - Windows Service]] - [[t1083-file-and-directory-discovery|T1083 - File and Directory Discovery]] - [[t1070-004-file-deletion|T1070.004 - File Deletion]] - [[t1082-system-information-discovery|T1082 - System Information Discovery]] - [[t1016-system-network-configuration-discovery|T1016 - System Network Configuration Discovery]] - [[t1112-modify-registry|T1112 - Modify Registry]] - [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]] - [[t1059-003-windows-command-shell|T1059.003 - Windows Command Shell]] ## Referências - [MITRE ATT&CK - S0350](https://attack.mitre.org/software/S0350)