# PowerShower > Tipo: **malware** · S0441 · [MITRE ATT&CK](https://attack.mitre.org/software/S0441) ## Descrição [[s0441-powershower|PowerShower]] é um backdoor em PowerShell utilizado pelo [[g0100-inception-framework|Inception]] para reconhecimento inicial e para baixar e executar payloads de segundo estágio. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1082-system-information-discovery|T1082 - System Information Discovery]] - [[t1070-004-file-deletion|T1070.004 - File Deletion]] - [[t1057-process-discovery|T1057 - Process Discovery]] - [[t1059-001-powershell|T1059.001 - PowerShell]] - [[t1547-001-registry-run-keys-startup-folder|T1547.001 - Registry Run Keys / Startup Folder]] - [[t1041-exfiltration-over-c2-channel|T1041 - Exfiltration Over C2 Channel]] - [[t1132-001-standard-encoding|T1132.001 - Standard Encoding]] - [[t1071-001-web-protocols|T1071.001 - Web Protocols]] - [[t1112-modify-registry|T1112 - Modify Registry]] - [[t1016-system-network-configuration-discovery|T1016 - System Network Configuration Discovery]] - [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]] - [[t1564-003-hidden-window|T1564.003 - Hidden Window]] - [[t1560-001-archive-via-utility|T1560.001 - Archive via Utility]] - [[t1059-005-visual-basic|T1059.005 - Visual Basic]] ## Grupos que Usam - [[g0100-inception-framework|Inception]] ## Referências - [MITRE ATT&CK - S0441](https://attack.mitre.org/software/S0441)