Malware: zwShell

Description

[zwShell](https://attack.mitre.org/software/S0350) is a remote access tool (RAT) written in Delphi that has been seen in the wild since the spring of 2010 and used by threat actors during [Night Dragon](https://attack.mitre.org/campaigns/C0002).(Citation: McAfee Night Dragon)

External References

• mitre-attack
• McAfee Night Dragon

Techniques Used by This Malware

• T1016 — System Network Configuration Discovery
• T1021.001 — Remote Desktop Protocol
• T1021.002 — SMB/Windows Admin Shares
• T1033 — System Owner/User Discovery
• T1053.005 — Scheduled Task
• T1059.003 — Windows Command Shell
• T1070.004 — File Deletion
• T1082 — System Information Discovery
• T1083 — File and Directory Discovery
• T1112 — Modify Registry
• T1543.003 — Windows Service