POWERPLANT

Description

(Mandiant) POWERPLANT, also referred to as “KillACK”, is a PowerShell-based backdoor with a breadth of capabilities, initially delivered following a successful Griffon infection in August 2020. Merges involving the usage of POWERPLANT into 2021 led us to assess that FIN7 is likely the only operator using POWERPLANT.

Names

Name
POWERPLANT
KillACK

Type

Backdoor

Information

https://www.mandiant.com/resources/evolution-of-fin7

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/ps1.powerplant

Other Information

Uuid

48ba4c0b-eea7-4d1d-adbf-537c318bf1ea

Last Card Change

2022-12-27

Threat Intelligence Garden

Explorer

POWERPLANT

POWERPLANT

Description

Names

Category

Type

Information

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks