Threat Landscape Dashboard

Assessing today's threats and the relationships between them


The campaign takes advantage of flaws in Microsoft Word in an attempt to drop a PowerShell backdoor labeled "POWERSHOWER" onto the infected system. The malware is capable of stealing sensitive information from the compromised machine and uploading it to a command-and-control server under the attackers' control. The operation also removes traces of itself, including files and registry entries, to make post-infection analysis difficult.
Name | Modified Date | Sources
Operation POWERSHOWER | 2018-11-06 |