Malware: PowerExchange

Description

[PowerExchange](https://attack.mitre.org/software/S1173) is a PowerShell backdoor that has been used by [OilRig](https://attack.mitre.org/groups/G0049) since at least 2023 including against government targets in the Middle East.(Citation: Symantec Crambus OCT 2023)

External References

• mitre-attack
• Symantec Crambus OCT 2023

Techniques Used by This Malware

• T1041 — Exfiltration Over C2 Channel
• T1059.001 — PowerShell
• T1071.003 — Mail Protocols
• T1105 — Ingress Tool Transfer
• T1140 — Deobfuscate/Decode Files or Information

APT Groups Using This Malware

• OilRig