Names | PowerBrace | |
Category | Malware | |
Type | Backdoor, Exfiltration | |
Description | (IBM) PowerBrace is a PowerShell backdoor that supports multiple commands such as command execution, uploading/downloading files, etc. Most of the function names and variable names in PowerBrace have been replaced with MD5 hashes to make the analysis more difficult. Furthermore, many commands are Based64 encoded. It generates a random string as a session key, which is used in communication. | |
Information | <https://exchange.xforce.ibmcloud.com/malware-analysis/guid:7ce62d3322cecbb29e55b27cd393b729> | |
Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/ps1.powerbrace> | |
AlienVault OTX | <https://otx.alienvault.com/browse/pulses?q=tag:PowerBrace> |
Last change to this tool card: 24 April 2021
Download this tool card in JSON format
Changed | Name | Country | Observed | ||
APT groups | |||||
Lazarus Group, Hidden Cobra, Labyrinth Chollima | 2007-Sep 2024 |
1 group listed (1 APT, 0 other, 0 unknown)
Digital Service Security Center Follow us on |
Report incidents |
|
+66 (0)2-123-1227 | ||
[email protected] |