# POWERSTATS > Tipo: **malware** · S0223 · [MITRE ATT&CK](https://attack.mitre.org/software/S0223) ## Descrição [POWERSTATS](https://attack.mitre.org/software/S0223) é um backdoor de primeiro estágio baseado em PowerShell utilizado pelo [[g0069-mango-sandstorm|MuddyWater]]. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1559-001-component-object-model|T1559.001 - Component Object Model]] - [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscaté/Decode Files or Information]] - [[t1033-system-owneruser-discovery|T1033 - System Owner/User Discovery]] - [[t1562-001-disable-or-modify-tools|T1562.001 - Disable or Modify Tools]] - [[t1036-004-masquerade-task-or-service|T1036.004 - Masquerade Task or Service]] - [[t1087-001-local-account|T1087.001 - Local Account]] - [[t1518-001-security-software-discovery|T1518.001 - Security Software Discovery]] - [[t1218-005-mshta|T1218.005 - Mshta]] - [[t1047-windows-management-instrumentation|T1047 - Windows Management Instrumentation]] - [[t1029-scheduled-transfer|T1029 - Scheduled Transfer]] - [[t1082-system-information-discovery|T1082 - System Information Discovery]] - [[t1132-001-standard-encoding|T1132.001 - Standard Encoding]] - [[t1090-002-external-proxy|T1090.002 - External Proxy]] - [[t1559-002-dynamic-data-exchange|T1559.002 - Dynamic Data Exchange]] - [[t1059-001-powershell|T1059.001 - PowerShell]] ## Grupos que Usam - [[g0069-mango-sandstorm|MuddyWater]] ## Referências - [MITRE ATT&CK - S0223](https://attack.mitre.org/software/S0223)