S0150Windows

S0150POSHSPY

Platforms
1
ATT&CK
14.1
References
2

Description

[POSHSPY](https://attack.mitre.org/software/S0150) is a backdoor that has been used by [APT29](https://attack.mitre.org/groups/G0016) since at least 2015. It appears to be used as a secondary backdoor used if the actors lost access to their primary backdoors. (Citation: FireEye POSHSPY April 2017) Documented platforms: Windows. Attributed to ATT&CK group: APT29. Catalogued in ATT&CK 14.1. 2 references curated.

Platforms· 1

Windows

References

  1. https://attack.mitre.org/software/S0150
  2. https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Software
HAMMERTOSS
Software
KGH_SPY
Software
ADVSTORESHELL
Software
Cadelspy
Software
CosmicDuke
Software
POORAIM
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.