POWERTON
POWERTON is a custom PowerShell backdoor first observed in 2018. It has typically been deployed as a late-stage backdoor by APT33. At least two variants of the backdoor have been identified, with the later version containing improved functionality.[1]
ID: S0371
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 16 April 2019
Last Modified: 25 March 2020
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
Enterprise | T1071.001 | Application Layer Protocol: Web Protocols | |
Enterprise | T1547.001 | Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder | |
Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | |
Enterprise | T1573.001 | Encrypted Channel: Symmetric Cryptography | |
Enterprise | T1546.003 | Event Triggered Execution: Windows Management Instrumentation Event Subscription | |
Enterprise | T1003.002 | OS Credential Dumping: Security Account Manager | |
Groups That Use This Software
ID | Name | References |
---|---|---|
G0064 | APT33 |
References