PowerShower

Description

(Palo Alto) POWERSHOWER acts as an initial reconnaissance foothold and is almost certainly used to download and execute a secondary payload with a more complete set of features. By only using this simple backdoor to establish a foothold, the attacker can hold back their most sophisticated and complex malware for later stages, making them less likely to be detected.

In a nutshell, POWERSHOWER allows the attacker to:

  • Fingerprint the machine, and upload this information to the initial C&C.
  • Clean up a significant amount of forensic evidence from the dropper process, as we detail below.
  • Run a secondary payload, if the attacker decides the target machine is sufficiently interesting (based on analysis of the system data sent from the first beacon).

Names

Name
PowerShower

Category

Malware

Type

  • Reconnaissance
  • Downloader

Information

Mitre Attack

Malpedia

Other Information

Uuid

8f922508-3fd3-4018-997b-a7a9075af23e

Last Card Change

2022-12-30