# CHIMNEYSWEEP > Tipo: **malware** · S1149 · [MITRE ATT&CK](https://attack.mitre.org/software/S1149) ## Descrição [[s1149-chimneysweep|CHIMNEYSWEEP]] é um malware backdoor implantado durante a [[homeland-justice|HomeLand Justice]] junto com o ransomware [[s1150-roadsweep|ROADSWEEP]], e tem sido utilizado para atacar falantes de persa e árabe desde pelo menos 2012. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1074-001-local-data-staging|T1074.001 - Local Data Staging]] - [[t1480-execution-guardrails|T1480 - Execution Guardrails]] - [[t1218-003-cmstp|T1218.003 - CMSTP]] - [[t1059-005-visual-basic|T1059.005 - Visual Basic]] - [[t1027-obfuscated-files-or-information|T1027 - Obfuscated Files or Information]] - [[t1105-ingress-tool-transfer|T1105 - Ingress Tool Transfer]] - [[t1120-peripheral-device-discovery|T1120 - Peripheral Device Discovery]] - [[t1071-001-web-protocols|T1071.001 - Web Protocols]] - [[t1106-native-api|T1106 - Native API]] - [[t1027-009-embedded-payloads|T1027.009 - Embedded Payloads]] - [[t1027-001-binary-padding|T1027.001 - Binary Padding]] - [[t1083-file-and-directory-discovery|T1083 - File and Directory Discovery]] - [[t1115-clipboard-data|T1115 - Clipboard Data]] - [[t1005-data-from-local-system|T1005 - Data from Local System]] - [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscaté/Decode Files or Information]] ## Referências - [MITRE ATT&CK - S1149](https://attack.mitre.org/software/S1149)