SYMBOLCOMMON_NAMEaka. SYNONYMS
win.poshc2 (Back to overview)

PoshC2

Actor(s): APT33


There is no description at this point.

References
2020-08-20Seebug PaperMalayke
@online{malayke:20200820:use:77d3957, author = {Malayke}, title = {{Use ZoomEye to track multiple Redteam C&C post-penetration attack frameworks}}, date = {2020-08-20}, organization = {Seebug Paper}, url = {https://paper.seebug.org/1301/}, language = {Chinese}, urldate = {2020-08-24} } Use ZoomEye to track multiple Redteam C&C post-penetration attack frameworks
Cobalt Strike Empire Downloader PoshC2
2020-07-13FireEyeAndrew Thompson, Aaron Stephens
@online{thompson:20200713:scandalous:15d59a2, author = {Andrew Thompson and Aaron Stephens}, title = {{SCANdalous! (External Detection Using Network Scan Data and Automation)}}, date = {2020-07-13}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2020/07/scandalous-external-detection-using-network-scan-data-and-automation.html}, language = {English}, urldate = {2020-07-15} } SCANdalous! (External Detection Using Network Scan Data and Automation)
POWERTON QUADAGENT PoshC2
2020-06-17Nettitude LabsRob Bone
@online{bone:20200617:detecting:be87469, author = {Rob Bone}, title = {{Detecting PoshC2 – Indicators of Compromise}}, date = {2020-06-17}, organization = {Nettitude Labs}, url = {https://labs.nettitude.com/blog/detecting-poshc2-indicators-of-compromise/}, language = {English}, urldate = {2020-06-18} } Detecting PoshC2 – Indicators of Compromise
PoshC2
2020-01-17JPCERT/CCTakayoshi Shiigi
@techreport{shiigi:20200117:looking:bf71db1, author = {Takayoshi Shiigi}, title = {{Looking back on the incidents in 2019}}, date = {2020-01-17}, institution = {JPCERT/CC}, url = {https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_0_JPCERT_en.pdf}, language = {English}, urldate = {2020-04-06} } Looking back on the incidents in 2019
TSCookie NodeRAT Emotet PoshC2 Quasar RAT
2020-01-01Github (nettitude)Nettitude
@online{nettitude:20200101:repository:640d828, author = {Nettitude}, title = {{Repository for Python Server for PoshC2}}, date = {2020-01-01}, organization = {Github (nettitude)}, url = {https://github.com/nettitude/PoshC2_Python/}, language = {English}, urldate = {2020-01-08} } Repository for Python Server for PoshC2
PoshC2
2020SecureworksSecureWorks
@online{secureworks:2020:cobalt:8d36ac3, author = {SecureWorks}, title = {{COBALT TRINITY}}, date = {2020}, organization = {Secureworks}, url = {https://www.secureworks.com/research/threat-profiles/cobalt-trinity}, language = {English}, urldate = {2020-05-23} } COBALT TRINITY
POWERTON pupy Imminent Monitor RAT Koadic Nanocore RAT NetWire RC PoshC2 APT33
2019-12-05Github (jeFF0Falltrades)Jeff Archer
@online{archer:20191205:poshc2:3066e19, author = {Jeff Archer}, title = {{PoshC2 (specifically as used by APT33)}}, date = {2019-12-05}, organization = {Github (jeFF0Falltrades)}, url = {https://github.com/jeFF0Falltrades/IoCs/blob/master/APT/poshc2_apt_33.md}, language = {English}, urldate = {2020-01-06} } PoshC2 (specifically as used by APT33)
PoshC2
2019-11-18Rewterz Information SecurityRewterz Information Security
@online{security:20191118:rewterz:29686ba, author = {Rewterz Information Security}, title = {{REWTERZ THREAT ALERT – IRANIAN APT USES JOB SCAMS TO LURE TARGETS}}, date = {2019-11-18}, organization = {Rewterz Information Security}, url = {http://www.rewterz.com/rewterz-news/rewterz-threat-alert-iranian-apt-uses-job-scams-to-lure-targets}, language = {English}, urldate = {2019-12-17} } REWTERZ THREAT ALERT – IRANIAN APT USES JOB SCAMS TO LURE TARGETS
PoshC2
2018-12-21FireEyeGeoff Ackerman, Rick Cole, Andrew Thompson, Alex Orleans, Nick Carr
@online{ackerman:20181221:overruled:74ac7b4, author = {Geoff Ackerman and Rick Cole and Andrew Thompson and Alex Orleans and Nick Carr}, title = {{OVERRULED: Containing a Potentially Destructive Adversary}}, date = {2018-12-21}, organization = {FireEye}, url = {https://www.fireeye.com/blog/threat-research/2018/12/overruled-containing-a-potentially-destructive-adversary.html}, language = {English}, urldate = {2019-12-20} } OVERRULED: Containing a Potentially Destructive Adversary
POWERTON PoshC2 pupy

There is no Yara-Signature yet.