PoshC2
MITRE
Malware Type: Tool
First seen: Unknown
Last seen: Unknown
Details:
[PoshC2](https://attack.mitre.org/software/S0378) is an open source remote administration and post-exploitation framework that is publicly available on GitHub. The server-side components of the tool are primarily written in Python, while the implants are written in [PowerShell](https://attack.mitre.org/techniques/T1059/001). Although [PoshC2](https://attack.mitre.org/software/S0378) is primarily focused on Windows implantation, it does contain a basic Python dropper for Linux/macOS. (Citation: GitHub PoshC2)
Associated Techniques (32)
| ID | ATT&CK | Tactics |
|---|---|---|
| T1003.001 | LSASS Memory | - |
| T1007 | System Service Discovery | - |
| T1016 | System Network Configuration Discovery | - |
| T1040 | Network Sniffing | - |
| T1046 | Network Service Discovery | - |
| T1047 | Windows Management Instrumentation | - |
| T1049 | System Network Connections Discovery | - |
| T1055 | Process Injection | - |
| T1056.001 | Keylogging | - |
| T1068 | Exploitation for Privilege Escalation | - |
| T1069.001 | Local Groups | - |
| T1071.001 | Web Protocols | - |
| T1082 | System Information Discovery | - |
| T1083 | File and Directory Discovery | - |
| T1087.001 | Local Account | - |
Used by Actors (3)
Metadata
| ID: | 724 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |