Malware: PowerLess

Description

[PowerLess](https://attack.mitre.org/software/S1012) is a PowerShell-based modular backdoor that has been used by [Magic Hound](https://attack.mitre.org/groups/G0059) since at least 2022.(Citation: Cybereason PowerLess February 2022)

External References

• mitre-attack
• Cybereason PowerLess February 2022

Techniques Used by This Malware

• T1005 — Data from Local System
• T1056.001 — Keylogging
• T1059.001 — PowerShell
• T1074.001 — Local Data Staging
• T1105 — Ingress Tool Transfer
• T1140 — Deobfuscate/Decode Files or Information
• T1217 — Browser Information Discovery
• T1560 — Archive Collected Data
• T1573 — Encrypted Channel

APT Groups Using This Malware

• Magic Hound