SHARPSTATS is a .NET backdoor used by MuddyWater since at least 2019.[1]

| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | SHARPSTATS has the ability to employ a custom PowerShell script.[1] |
| Enterprise | T1027.010 | Obfuscated Files or Information: Command Obfuscation | SHARPSTATS has used base64 encoding and XOR to obfuscate PowerShell scripts.[1] |
| Enterprise | T1082 | System Information Discovery | SHARPSTATS has the ability to identify the IP address, machine name, and OS of the compromised host.[1] |
| Enterprise | T1033 | System Owner/User Discovery | SHARPSTATS has the ability to identify the username on the compromised host.[1] |
| Enterprise | T1124 | System Time Discovery | SHARPSTATS has the ability to identify the current date and time on the compromised host.[1] |
| Enterprise | T1016 | System Network Configuration Discovery | SHARPSTATS has the ability to identify the domain of the compromised host.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | SHARPSTATS has the ability to upload and download files.[1] |

| ID | Name | References |
|---|---|---|
| G0069 | MuddyWater | |