POWERTON

Description

(FireEye) POWERTON is a backdoor written in PowerShell; FireEye has not yet identified any publicly available toolset with a similar code base, indicating that it is likely custom-built. POWERTON is designed to support multiple persistence mechanisms, including WMI and auto-run registry keys. Communications with the C2 are over TCP/HTTP(S) and leverage AES encryption for communication traffic to and from the C2. POWERTON typically gets deployed as a later-stage backdoor and is obfuscated with several layers.

Names

Name
POWERTON

Category

Malware

Type

  • Backdoor

Information

MITRE ATT&CK

Malpedia

AlienVault OTX

Other Information

UUID

cdb68988-cc6c-4324-9767-7bffc666d6de

Last Card Change

2020-04-22