s0663-sysupdat - RunkIntel

# SysUpdaté > Tipo: **malware** · S0663 · [MITRE ATT&CK](https://attack.mitre.org/software/S0663) ## Descrição [[sysupdate|SysUpdaté]] é um backdoor escrito em C++ utilizado pelo [[g0027-threat-group-3390|Threat Group-3390]] desde pelo menos 2020. **Plataformas:** Windows, Linux ## Técnicas Utilizadas - [[t1071-004-dns|T1071.004 - DNS]] - [[t1573-001-symmetric-cryptography|T1573.001 - Symmetric Cryptography]] - [[t1007-system-service-discovery|T1007 - System Service Discovery]] - [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscaté/Decode Files or Information]] - [[t1680-local-storage-discovery|T1680 - Local Storage Discovery]] - [[t1132-001-standard-encoding|T1132.001 - Standard Encoding]] - [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]] - [[t1057-process-discovery|T1057 - Process Discovery]] - [[t1553-002-code-signing|T1553.002 - Code Signing]] - [[t1005-data-from-local-system|T1005 - Data from Local System]] - [[t1027-011-fileless-storage|T1027.011 - Fileless Storage]] - [[t1083-file-and-directory-discovery|T1083 - File and Directory Discovery]] - [[t1016-001-internet-connection-discovery|T1016.001 - Internet Connection Discovery]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1036-004-masquerade-task-or-service|T1036.004 - Masquerade Task or Service]] ## Grupos que Usam - [[g0027-threat-group-3390|Threat Group-3390]] ## Referências - [MITRE ATT&CK - S0663](https://attack.mitre.org/software/S0663)