S0450 SHARPSTATS
SHARPSTATS is a .NET backdoor used by MuddyWater since at least 2019.1
| Item | Value |
|---|---|
| ID | S0450 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.1 |
| Created | 18 May 2020 |
| Last Modified | 22 March 2023 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| enterprise | T1059 | Command and Scripting Interpreter | - |
| enterprise | T1059.001 | PowerShell | SHARPSTATS has the ability to employ a custom PowerShell script.1 |
| enterprise | T1105 | Ingress Tool Transfer | SHARPSTATS has the ability to upload and download files.1 |
| enterprise | T1027 | Obfuscated Files or Information | - |
| enterprise | T1027.010 | Command Obfuscation | SHARPSTATS has used base64 encoding and XOR to obfuscate PowerShell scripts.1 |
| enterprise | T1082 | System Information Discovery | SHARPSTATS has the ability to identify the IP address, machine name, and OS of the compromised host.1 |
| enterprise | T1016 | System Network Configuration Discovery | SHARPSTATS has the ability to identify the domain of the compromised host.1 |
| enterprise | T1033 | System Owner/User Discovery | SHARPSTATS has the ability to identify the username on the compromised host.1 |
| enterprise | T1124 | System Time Discovery | SHARPSTATS has the ability to identify the current date and time on the compromised host.1 |
Groups That Use This Software
| ID | Name | References |
|---|---|---|
| G0069 | MuddyWater | 1 |