PowerExchange

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[PowerExchange](https://attack.mitre.org/software/S1173) is a PowerShell backdoor that has been used by [OilRig](https://attack.mitre.org/groups/G0049) since at least 2023 including against government targets in the Middle East.(Citation: Symantec Crambus OCT 2023)

Associated Techniques (5)

ID	ATT&CK	Tactics
T1041	Exfiltration Over C2 Channel	-
T1059.001	PowerShell	-
T1071.003	Mail Protocols	-
T1105	Ingress Tool Transfer	-
T1140	Deobfuscate/Decode Files or Information	-

Used by Actors (1)

OilRig
Nation-state

Metadata

ID:	113
Created:	13/01/2026 17:48
Updated:	07/03/2026 16:00