ps1.powerstats

POWERSTATS

aka: Valyria

Actor(s): MuddyWater


POWERSTATS is a backdoor written in PowerShell.
It can disable Microsoft Office Protected View, fingerprint the victim, and receive commands.

References
2023-06-29 · DeepInstinct · Deep Instinct Threat Lab, Simon Kenin
PhonyC2: Revealing a New Malicious Command & Control Framework by MuddyWater
PhonyC2 POWERSTATS
2022-07-18 · Palo Alto Networks Unit 42 · Unit 42
Boggy Serpens
POWERSTATS MuddyWater
2022-02-25 · infoRisk TODAY · Prajeet Nair
MuddyWater Targets Critical Infrastructure in Asia, Europe
POWERSTATS PowGoop STARWHALE GRAMDOOR MoriAgent
2022-02-24 · CISA, CNMF, FBI, NCSC UK, NSA
Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
POWERSTATS PowGoop GRAMDOOR MoriAgent
2022-02-24 · CISA, CNMF, FBI, NCSC UK
Alert (AA22-055A) Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
POWERSTATS PowGoop MoriAgent
2021-01-13 · Shells.System blog · Ahmed Khlief
Reviving MuddyC3 Used by MuddyWater (IRAN) APT
POWERSTATS
2020-01-15 · Marco Ramilli's Blog · Marco Ramilli
Iranian Threat Actors: Preliminary Analysis
POWERSTATS
2020-01-07 · Prevailion · Danny Adamitis
Summer Mirage
POWERSTATS
2020-01-01 · Secureworks · SecureWorks
COBALT ULSTER
POWERSTATS Koadic MuddyWater
2019-08-01 · Kaspersky Labs · GReAT
APT trends report Q2 2019
ZooPark magecart POWERSTATS Chaperone COMpfun EternalPetya FinFisher RAT HawkEye Keylogger HOPLIGHT Microcin NjRAT Olympic Destroyer PLEAD RokRAT Triton Zebrocy
2019-06-10 · Trend Micro · Daniel Lunghi, Jaromír Hořejší
MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
POWERSTATS
2019-05-29 · Group-IB · Group-IB
Catching fish in muddy waters
POWERSTATS
2019-04-15 · ClearSky · ClearSky Research Team
Iranian APT MuddyWater Attack Infrastructure Targeting Kurdish Political Groups and Organizations in Turkey
POWERSTATS MuddyWater
2019-04-10 · Check Point · Check Point Research
The Muddy Waters of APT Attacks
POWERSTATS
2019-03-21 · Qianxin · Qi Anxin
Analysis of the latest attack activities of the suspected MuddyWater APT group against the Iraqi mobile operator Korek Telecom
POWERSTATS
2018-11-28 · ClearSky · ClearSky Research Team
MuddyWater Operations in Lebanon and Oman
POWERSTATS
2018-06-06 · ClearSky · ClearSky Cyber Security
Iranian APT group ‘MuddyWater’ Adds Exploits to Their Arsenal
POWERSTATS
2018-05-08 · Security 0wnage · Mo Bustami
Clearing the MuddyWater - Analysis of new MuddyWater Samples
POWERSTATS
2018-03-22 · Sekoia · sekoia
Falling on MuddyWater
POWERSTATS
2018-03-13 · FireEye · Ben Read, Dileep Kumar Jallepalli, Sudeep Singh, Yogesh Londhe
Iranian Threat Group Updates Tactics, Techniques and Procedures in Spear Phishing Campaign
POWERSTATS MuddyWater
2018-03-12 · Trend Micro · Jaromír Hořejší
Campaign Possibly Connected to “MuddyWater” Surfaces in the Middle East and Central Asia
POWERSTATS MuddyWater
2018-03-01 · Security 0wnage · Mo Bustami
A Quick Dip into MuddyWater's Recent Activity
POWERSTATS
2018-01-02 · Security 0wnage · Mo Bustami
Burping on MuddyWater
POWERSTATS
2017-11-22 · Reaqta · Reaqta
A dive into MuddyWater APT targeting Middle-East
POWERSTATS
2017-11-14 · Palo Alto Networks Unit 42 · Tom Lancaster
Muddying the Water: Targeted Attacks in the Middle East
POWERSTATS MuddyWater
2017-10-04 · Security 0wnage · Mo Bustami
Continued Activity targeting the Middle East
POWERSTATS
2017-09-26 · Malwarebytes · Malwarebytes Labs
Elaborate scripting-fu used in espionage attack against Saudi Arabia Government entity
POWERSTATS

There is no Yara-Signature yet.