# Rising Sun > Tipo: **malware** · S0448 · [MITRE ATT&CK](https://attack.mitre.org/software/S0448) ## Descrição [[s0448-rising-sun|Rising Sun]] é um backdoor modular amplamente utilizado na [[operation-sharpshooter|Operação Sharpshooter]] entre 2017 e 2019. O [[s0448-rising-sun|Rising Sun]] infectou pelo menos 87 organizações ao redor do mundo, incluindo empresas dos setores nuclear, de defesa, energia e serviços financeiros. Pesquisadores de segurança avaliaram que o [[s0448-rising-sun|Rising Sun]] inclui parte do código-fonte do Trojan Duuzer do [[g0032-lazarus-group|Lazarus Group]]. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1070-004-file-deletion|T1070.004 - File Deletion]] - [[t1005-data-from-local-system|T1005 - Data from Local System]] - [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]] - [[t1560-003-archive-via-custom-method|T1560.003 - Archive via Custom Method]] - [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscaté/Decode Files or Information]] - [[t1082-system-information-discovery|T1082 - System Information Discovery]] - [[t1027-013-encryptedencoded-file|T1027.013 - Encrypted/Encoded File]] - [[t1071-001-web-protocols|T1071.001 - Web Protocols]] - [[t1070-indicator-removal|T1070 - Indicator Removal]] - [[t1057-process-discovery|T1057 - Process Discovery]] - [[t1573-002-asymmetric-cryptography|T1573.002 - Asymmetric Cryptography]] - [[t1041-exfiltration-over-c2-channel|T1041 - Exfiltration Over C2 Channel]] - [[t1016-001-internet-connection-discovery|T1016.001 - Internet Connection Discovery]] - [[t1059-003-windows-command-shell|T1059.003 - Windows Command Shell]] - [[t1083-file-and-directory-discovery|T1083 - File and Directory Discovery]] ## Referências - [MITRE ATT&CK - S0448](https://attack.mitre.org/software/S0448)