PowerDuke

Malware & Tools · PowerDuke

· MalwareS0139 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Windows

Description

PowerDuke is a backdoor that was used by APT29 in 2016. It has primarily been delivered through Microsoft Word or Excel attachments containing malicious macros. (Citation: Volexity PowerDuke November 2016)

Tactic Coverage

discovery (7)stealth (4)execution (1)command and control (1)impact (1)persistence (1)privilege escalation (1)

Used By (1 groups)

G0016APT29IRON RITUAL, IRON HEMLOCK

Techniques (15)

T1010Application Window Discovery

discovery

T1016System Network Configuration Discovery

discovery

T1027.003Steganography

stealth

T1033System Owner/User Discovery

discovery

T1057Process Discovery

discovery

T1059.003Windows Command Shell

execution

T1070.004File Deletion

References

https://attack.mitre.org/software/S0139 https://www.volexity.com/blog/2016/11/09/powerduke-post-election-spear-phishing-campaigns-targeting-think-tanks-and-ngos/