PowerPunch is a lightweight downloader that has been used by Gamaredon Group since at least 2021.[1]
| Domain | ID | Name | Use |
|---|---|---|---|
| Enterprise | T1059.001 | Command and Scripting Interpreter: PowerShell | PowerPunch has the ability to execute through PowerShell.[1] |
| Enterprise | T1480.001 | Execution Guardrails: Environmental Keying | PowerPunch can use the volume serial number from a target host to generate a unique XOR key for the next stage payload.[1] |
| Enterprise | T1027.010 | Obfuscated Files or Information: Command Obfuscation | PowerPunch can use Base64-encoded scripts.[1] |
| Enterprise | T1105 | Ingress Tool Transfer | PowerPunch can download payloads from adversary infrastructure.[1] |
| ID | Name | References |
|---|---|---|
| G0047 | Gamaredon Group | |