# DanBot > Tipo: **malware** · S1014 · [MITRE ATT&CK](https://attack.mitre.org/software/S1014) ## Descrição [[s1014-danbot|DanBot]] é um Trojan de acesso remoto de primeiro estágio escrito em C# utilizado pelo [[g1001-hexane|HEXANE]] desde pelo menos 2018. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1053-005-scheduled-task|T1053.005 - Scheduled Task]] - [[t1036-005-match-legitimate-resource-name-or-location|T1036.005 - Match Legitimaté Resource Name or Location]] - [[t1021-005-vnc|T1021.005 - VNC]] - [[t1027-013-encryptedencoded-file|T1027.013 - Encrypted/Encoded File]] - [[t1070-004-file-deletion|T1070.004 - File Deletion]] - [[t1204-002-malicious-file|T1204.002 - Malicious File]] - [[t1071-004-dns|T1071.004 - DNS]] - [[t1005-data-from-local-system|T1005 - Data from Local System]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1566-001-spearphishing-attachment|T1566.001 - Spearphishing Attachment]] - [[t1071-001-web-protocols|T1071.001 - Web Protocols]] - [[t1059-005-visual-basic|T1059.005 - Visual Basic]] - [[t1059-003-windows-command-shell|T1059.003 - Windows Command Shell]] - [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscaté/Decode Files or Information]] ## Grupos que Usam - [[g1001-hexane|HEXANE]] ## Referências - [MITRE ATT&CK - S1014](https://attack.mitre.org/software/S1014)