IOC pivot
ioc · name
POWERSTATS
IR · Iran
MuddyWater
confidence · high
PowerShell backdoor family attributed to MuddyWater in the joint CISA/FBI/CNMF/NCSC-UK advisory AA22-055A, which catalogues the POWERSTATS, Small Sieve, Mori, Canopy/Starwhale and PowGoop tooling used since approximately 2018 by this MOIS-subordinate APT group (also tracked as Static Kitten, Mango Sandstorm, MERCURY, Seedworm, TEMP.Zagros).
- family: POWERSTATS
- first seen: Feb 23, 2022
- publisher: CISA