# CLAIMLOADER > Tipo: **malware** · S1236 · [MITRE ATT&CK](https://attack.mitre.org/software/S1236) ## Descrição [[s1236-claimloader|CLAIMLOADER]] é uma variante de malware que frequentemente acompanha executáveis legítimos usados para DLL side-loading, conhecido por ser utilizado pelo [[g0129-mustang-panda|Mustang Panda]] e observado pela primeira vez em 2021. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1559-001-component-object-model|T1559.001 - Component Object Model]] - [[t1106-native-api|T1106 - Native API]] - [[t1547-001-registry-run-keys-startup-folder|T1547.001 - Registry Run Keys / Startup Folder]] - [[t1574-001-dll|T1574.001 - DLL]] - [[t1564-001-hidden-files-and-directories|T1564.001 - Hidden Files and Directories]] - [[t1036-005-match-legitimate-resource-name-or-location|T1036.005 - Match Legitimaté Resource Name or Location]] - [[t1480-002-mutual-exclusion|T1480.002 - Mutual Exclusion]] - [[t1204-002-malicious-file|T1204.002 - Malicious File]] - [[t1053-005-scheduled-task|T1053.005 - Scheduled Task]] - [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscaté/Decode Files or Information]] - [[t1027-007-dynamic-api-resolution|T1027.007 - Dynamic API Resolution]] ## Grupos que Usam - [[g0129-mustang-panda|Mustang Panda]] ## Referências - [MITRE ATT&CK - S1236](https://attack.mitre.org/software/S1236)