POWERSTAT

POWERSTAT is a PowerShell-based Windows backdoor developed by MuddyWater. This APT is generally observed targeting Middle Eastern nations, but has recently shifted focus to include US government agencies, military, SCADA, ICS, and IT firms. The attack typically begins with a phishing email using social engineering to persuade users to enable macros and open any attachments. The malicious attachment contains PowerShell-based Trojans, most recently enabling POWERSTATS v.3. This backdoor is capable of taking screenshots, execute commands, and powershell code while enabling anti-detection tools during the attack. Campaigns have also been observed exploiting CVE-2017-0199 by faux document distribution, as well as deploying fake macro-powered documents designed to drop payloads through compromised servers.

Technical details and Reporting

Bleeping Computer provides reporting and technical details here.