SHARPSTATS

SHARPSTATS is a .NET backdoor used by MuddyWater since at least 2019.[1]

ID: S0450
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 18 May 2020
Last Modified: 22 March 2023

Techniques Used

Domain ID Name Use
Enterprise T1059 .001 Command and Scripting Interpreter: PowerShell

SHARPSTATS has the ability to employ a custom PowerShell script.[1]

Enterprise T1105 Ingress Tool Transfer

SHARPSTATS has the ability to upload and download files.[1]

Enterprise T1027 .010 Obfuscated Files or Information: Command Obfuscation

SHARPSTATS has used base64 encoding and XOR to obfuscate PowerShell scripts.[1]

Enterprise T1082 System Information Discovery

SHARPSTATS has the ability to identify the IP address, machine name, and OS of the compromised host.[1]

Enterprise T1016 System Network Configuration Discovery

SHARPSTATS has the ability to identify the domain of the compromised host.[1]

Enterprise T1033 System Owner/User Discovery

SHARPSTATS has the ability to identify the username on the compromised host.[1]

Enterprise T1124 System Time Discovery

SHARPSTATS has the ability to identify the current date and time on the compromised host.[1]

Groups That Use This Software

ID Name References
G0069 MuddyWater

[1]

References