S0371 POWERTON

Platforms: 1 · ATT&CK: 14.1 · References: 2

Description

[POWERTON](https://attack.mitre.org/software/S0371) is a custom PowerShell backdoor first observed in 2018. It has typically been deployed as a late-stage backdoor by [APT33](https://attack.mitre.org/groups/G0064). At least two variants of the backdoor have been identified, with the later version containing improved functionality. (Citation: FireEye APT33 Guardrail)

Platforms · 1

Windows

Attributed to · 1

| Type | Target | Confidence | Tier |
|------|--------|------------|------|
| Group | APT33 g0064 | 100% | live |

References

  1. https://attack.mitre.org/software/S0371
  2. https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

- PowerStallion (Software)
- POWERSOURCE (Software)
- POWERSTATS (Software)
- PowerShower (Software)
- QUADAGENT (Software)
- CharmPower (Software)

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.