ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool EmpireProject

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: EmpireProject

NamesEmpireProject
Empire
EmPyre
PowerShell Empire
CategoryTools
TypeBackdoor
DescriptionEmpire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premeiered at HackMiami 2016.
Information<https://github.com/EmpireProject>
MITRE ATT&CK<https://attack.mitre.org/software/S0363/>

Last change to this tool card: 22 April 2020

Download this tool card in JSON format

All groups using tool EmpireProject

ChangedNameCountryObserved

APT groups

 APT 19, Deep Panda, C0d0so0China2013-Mar 2022X
 APT 33, Elfin, MagnalliumIran2013-Apr 2024 
 CopyKittens, Slayer KittenIran2013-Jan 2017 
 FIN10[Unknown]2016 
 Indrik SpiderRussia2007-Oct 2024 HOTX
 LazyScripter[Unknown]2018 
 LockBit Gang[Unknown]2019-Oct 2024 HOTX
 MuddyWater, Seedworm, TEMP.Zagros, Static KittenIran2017-May 2024X
 Turla, Waterbug, Venomous BearRussia1996-Dec 2023 
 WIRTE Group[Middle East]2018 

10 groups listed (10 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]