# ZxShell

> Type: **malware** · S0412 · [MITRE ATT&CK](https://attack.mitre.org/software/S0412)

## Description

[[s0412-zxshell|ZxShell]] is a remote administration tool and backdoor that can be downloaded from the internet, particularly from Chinese hacker websites. It has been in use since at least 2004.

**Platforms:** Windows

## Techniques Used

- [[t1021-005-vnc|T1021.005 - VNC]]
- [[t1082-system-information-discovery|T1082 - System Information Discovery]]
- [[t1090-proxy|T1090 - Proxy]]
- [[t1071-001-web-protocols|T1071.001 - Web Protocols]]
- [[t1571-non-standard-port|T1571 - Non-Standard Port]]
- [[t1056-004-credential-api-hooking|T1056.004 - Credential API Hooking]]
- [[t1083-file-and-directory-discovery|T1083 - File and Directory Discovery]]
- [[t1113-screen-capture|T1113 - Screen Capture]]
- [[t1012-query-registry|T1012 - Query Registry]]
- [[t1005-data-from-local-system|T1005 - Data from Local System]]
- [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]]
- [[t1190-exploit-public-facing-application|T1190 - Exploit Public-Facing Application]]
- [[t1057-process-discovery|T1057 - Process Discovery]]
- [[t1046-network-service-discovery|T1046 - Network Service Discovery]]
- [[t1112-modify-registry|T1112 - Modify Registry]]

## Groups That Use It

- [[g0001-axiom|Axiom]]
- [[g0096-apt41|APT41]]
- [[g0027-threat-group-3390|Threat Group-3390]]

## References

- [MITRE ATT&CK - S0412](https://attack.mitre.org/software/S0412)