POWERTON

MITRE

Malware Type:
Other

First seen:
Unknown

Last seen:
Unknown

Details:

[POWERTON](https://attack.mitre.org/software/S0371) is a custom PowerShell backdoor first observed in 2018. It has typically been deployed as a late-stage backdoor by [APT33](https://attack.mitre.org/groups/G0064). At least two variants of the backdoor have been identified, with the later version containing improved functionality.(Citation: FireEye APT33 Guardrail)

Associated Techniques (6)

ID	ATT&CK	Tactics
T1003.002	Security Account Manager	-
T1059.001	PowerShell	-
T1071.001	Web Protocols	-
T1546.003	Windows Management Instrumentation Event Subscription	-
T1547.001	Registry Run Keys / Startup Folder	-
T1573.001	Symmetric Cryptography	-

Used by Actors (1)

APT33
Nation-state

Metadata

ID:	637
Created:	13/01/2026 17:48
Updated:	06/03/2026 04:00