POWERTON

Malware & Tools · POWERTON

· MalwareS0371 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Windows

Description

POWERTON is a custom PowerShell backdoor first observed in 2018. It has typically been deployed as a late-stage backdoor by APT33. At least two variants of the backdoor have been identified, with the later version containing improved functionality.(Citation: FireEye APT33 Guardrail)

Tactic Coverage

command and control (2)privilege escalation (2)persistence (2)credential access (1)execution (1)

Used By (1 groups)

G0064APT33HOLMIUM, Elfin

Techniques (6)

T1003.002Security Account Manager

credential access

T1059.001PowerShell

execution

T1071.001Web Protocols

command and control

T1546.003Windows Management Instrumentation Event Subscription

privilege escalationpersistence

T1547.001Registry Run Keys / Startup Folder

persistenceprivilege escalation

T1573.001Symmetric Cryptography

References

https://attack.mitre.org/software/S0371 https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html