SHARPSTATS is a .NET backdoor used by MuddyWater since at least 2019.[1]

Domain | ID | Name | Use
---|---|---|---
Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | SHARPSTATS has the ability to employ a custom PowerShell script.[1]
Enterprise | T1105 | Ingress Tool Transfer | SHARPSTATS has the ability to upload and download files.[1]
Enterprise | T1027.010 | Obfuscated Files or Information: Command Obfuscation | SHARPSTATS has used base64 encoding and XOR to obfuscate PowerShell scripts.[1]
Enterprise | T1082 | System Information Discovery | SHARPSTATS has the ability to identify the IP address, machine name, and OS of the compromised host.[1]
Enterprise | T1016 | System Network Configuration Discovery | SHARPSTATS has the ability to identify the domain of the compromised host.[1]
Enterprise | T1033 | System Owner/User Discovery | SHARPSTATS has the ability to identify the username on the compromised host.[1]
Enterprise | T1124 | System Time Discovery | SHARPSTATS has the ability to identify the current date and time on the compromised host.[1]

ID | Name | References
---|---|---
G0069 | MuddyWater |