win.poshc2

PoshC2

Actor(s): APT33


PoshC2 is a proxy aware C2 framework used to aid penetration testers with red teaming, post-exploitation and lateral movement.

PoshC2 is primarily written in Python3 and follows a modular format to enable users to add their own modules and tools, allowing an extendible and flexible C2 framework. Out of the box, PoshC2 comes with PowerShell/C# and Python3 implants, with payloads written in PowerShell v2 and v4, C++ and C# source code, a variety of executables, DLLs and raw shellcode, in addition to a Python3 payload. These enable C2 functionality on a wide range of devices and operating systems, including Windows, *nix and OSX.

References
2024-01-25 ⋅ JSAC 2024 ⋅ Masafumi Takeda, Tomoya Furukawa
Threat Intelligence of Abused Public Post-Exploitation Frameworks
AsyncRAT DCRat Empire Downloader GRUNT Havoc Koadic Merlin PoshC2 Quasar RAT Sliver
2022-09-06 ⋅ Check Point ⋅ Check Point Research
DangerousSavanna: Two-year long campaign targets financial institutions in French-speaking Africa
AsyncRAT Meterpreter PoshC2 DangerousSavanna
2022-09-01 ⋅ Medium michaelkoczwara ⋅ Michael Koczwara
Hunting C2/Adversaries Infrastructure with Shodan and Censys
Brute Ratel C4 Cobalt Strike Deimos GRUNT IcedID Merlin Meterpreter Nighthawk PoshC2 Sliver
2022-07-21 ⋅ Censys ⋅ Matt Lembright
Russian Ransomware C2 Network Discovered in Censys Data
DeimosC2 PoshC2
2022-07-18 ⋅ Censys ⋅ Censys
Russian Ransomware C2 Network Discovered in Censys Data
Cobalt Strike DeimosC2 MimiKatz PoshC2
2021-09-06 ⋅ dbappsecurity ⋅ 猎影实验室
Operation MaskFace: Analysis of a suspected questionnaire-themed phishing attack targeting overseas banks
PoshC2
2021-01-07 ⋅ Recorded Future ⋅ Insikt Group®
Adversary Infrastructure Report 2020: A Defender's View
Octopus pupy Cobalt Strike Empire Downloader Meterpreter PoshC2
2021-01-06 ⋅ Red Canary ⋅ Tony Lambert
Hunting for GetSystem in offensive security tools
Cobalt Strike Empire Downloader Meterpreter PoshC2
2020-08-20 ⋅ Seebug Paper ⋅ Malayke
Use ZoomEye to track multiple Redteam C&C post-penetration attack frameworks
Cobalt Strike Empire Downloader PoshC2
2020-07-13 ⋅ FireEye ⋅ Aaron Stephens, Andrew Thompson
SCANdalous! (External Detection Using Network Scan Data and Automation)
POWERTON QUADAGENT PoshC2
2020-06-17 ⋅ Nettitude Labs ⋅ Rob Bone
Detecting PoshC2 – Indicators of Compromise
PoshC2
2020-01-17 ⋅ JPCERT/CC ⋅ Takayoshi Shiigi
Looking back on the incidents in 2019
TSCookie NodeRAT Emotet PoshC2 Quasar RAT
2020-01-01 ⋅ Secureworks ⋅ SecureWorks
COBALT TRINITY
POWERTON pupy Imminent Monitor RAT Koadic Nanocore RAT NetWire RC PoshC2 APT33
2020-01-01 ⋅ Github (nettitude) ⋅ Nettitude
Repository for Python Server for PoshC2
PoshC2
2019-12-05 ⋅ Github (jeFF0Falltrades) ⋅ Jeff Archer
PoshC2 (specifically as used by APT33)
PoshC2
2019-11-18 ⋅ Rewterz Information Security ⋅ Rewterz Information Security
REWTERZ THREAT ALERT – IRANIAN APT USES JOB SCAMS TO LURE TARGETS
PoshC2
2018-12-21 ⋅ FireEye ⋅ Alex Orleans, Andrew Thompson, Geoff Ackerman, Nick Carr, Rick Cole
OVERRULED: Containing a Potentially Destructive Adversary
POWERTON PoshC2 pupy

There is no Yara-Signature yet.