# POWRUNER > Tipo: **malware** · S0184 · [MITRE ATT&CK](https://attack.mitre.org/software/S0184) ## Descrição [[s0184-powruner|POWRUNER]] é um script PowerShell que envia e recebe comandos de/para o servidor C2. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1016-system-network-configuration-discovery|T1016 - System Network Configuration Discovery]] - [[t1071-001-web-protocols|T1071.001 - Web Protocols]] - [[t1047-windows-management-instrumentation|T1047 - Windows Management Instrumentation]] - [[t1057-process-discovery|T1057 - Process Discovery]] - [[t1071-004-dns|T1071.004 - DNS]] - [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]] - [[t1518-001-security-software-discovery|T1518.001 - Security Software Discovery]] - [[t1069-002-domain-groups|T1069.002 - Domain Groups]] - [[t1069-001-local-groups|T1069.001 - Local Groups]] - [[t1087-002-domain-account|T1087.002 - Domain Account]] - [[t1083-file-and-directory-discovery|T1083 - File and Directory Discovery]] - [[t1082-system-information-discovery|T1082 - System Information Discovery]] - [[t1059-003-windows-command-shell|T1059.003 - Windows Command Shell]] - [[t1059-001-powershell|T1059.001 - PowerShell]] - [[t1132-001-standard-encoding|T1132.001 - Standard Encoding]] ## Grupos que Usam - [[g0049-oilrig|OilRig]] ## Referências - [MITRE ATT&CK - S0184](https://attack.mitre.org/software/S0184)