# CharmPower > Tipo: **malware** · S0674 · [MITRE ATT&CK](https://attack.mitre.org/software/S0674) ## Descrição [[s0674-charmpower|CharmPower]] é um backdoor modular baseado em PowerShell utilizado pelo [[g0059-magic-hound|Magic Hound]] desde pelo menos 2022. **Plataformas:** Windows ## Técnicas Utilizadas - [[t1112-modify-registry|T1112 - Modify Registry]] - [[t1082-system-information-discovery|T1082 - System Information Discovery]] - [[t1518-software-discovery|T1518 - Software Discovery]] - [[t1048-003-exfiltration-over-unencrypted-non-c2-protocol|T1048.003 - Exfiltration Over Unencrypted Non-C2 Protocol]] - [[t1573-001-symmetric-cryptography|T1573.001 - Symmetric Cryptography]] - [[t1140-deobfuscatedecode-files-or-information|T1140 - Deobfuscaté/Decode Files or Information]] - [[t1041-exfiltration-over-c2-channel|T1041 - Exfiltration Over C2 Channel]] - [[t1102-001-dead-drop-resolver|T1102.001 - Dead Drop Resolver]] - [[t1083-file-and-directory-discovery|T1083 - File and Directory Discovery]] - [[t1016-002-wi-fi-discovery|T1016.002 - Wi-Fi Discovery]] - [[t1059-001-powershell|T1059.001 - PowerShell]] - [[t1070-004-file-deletion|T1070.004 - File Deletion]] - [[t1071-001-web-protocols|T1071.001 - Web Protocols]] - [[t1008-fallback-channels|T1008 - Fallback Channels]] - [[t1057-process-discovery|T1057 - Process Discovery]] ## Grupos que Usam - [[g0059-magic-hound|Magic Hound]] ## Referências - [MITRE ATT&CK - S0674](https://attack.mitre.org/software/S0674)