POWERSTATS
MITRE
Malware Type:
Other
First seen:
Unknown
Last seen:
Unknown
Details:
[POWERSTATS](https://attack.mitre.org/software/S0223) is a PowerShell-based first-stage backdoor used by [MuddyWater](https://attack.mitre.org/groups/G0069). (Citation: Unit 42 MuddyWater Nov 2017)
Associated Techniques (27)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1005 | Data from Local System | - |
| T1016 | System Network Configuration Discovery | - |
| T1027.010 | Command Obfuscation | - |
| T1027.016 | Junk Code Insertion | - |
| T1029 | Scheduled Transfer | - |
| T1033 | System Owner/User Discovery | - |
| T1036.004 | Masquerade Task or Service | - |
| T1047 | Windows Management Instrumentation | - |
| T1053.005 | Scheduled Task | - |
| T1057 | Process Discovery | - |
| T1059.001 | PowerShell | - |
| T1059.005 | Visual Basic | - |
| T1059.007 | JavaScript | - |
| T1070.004 | File Deletion | - |
| T1082 | System Information Discovery | - |
Aliases (105)
Powermud
Used by Actors (1)
Metadata
| ID: | 636 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |