Operation PowerBand

The APT33 threat group, also tracked as Elfin, Refined Kitten, Magnallium, and Holmium, is suspected to be behind POWERBAND, a remote administration tool written in .NET and heavily obfuscated. It resembles POWERTON, a backdoor also attributed to APT33. On each victim the implant builds a unique identifier from the host's MachineName, UserDomainName, and UserName values and uses it to encrypt and decrypt all data exchanged with the actor's command-and-control server, so decrypting captured C2 traffic requires those three values from the infected host. The backdoor persists through a registry run key and exfiltrates sensitive information, including screen captures of the victim's desktop.
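The persistence described above (a registry run key) is one of the few behaviours in this entry a defender can check for directly. The following is an added triage script, not code from the original entry or from the malware: it enumerates the HKCU and HKLM Run/RunOnce keys, resolves each command line to its executable, and flags targets that are managed (.NET) images, since a .NET binary launched from a run key matches POWERBAND's described profile. The key list, the helper names, and the reliance on System.Reflection.AssemblyName to distinguish managed from native PE files are this example's assumptions; the script reports candidates for review, it does not identify POWERBAND.

```powershell
# Added triage example: list Run/RunOnce autostart entries and flag .NET targets.
# Only the four classic run keys are checked; other autostart locations are out of scope.
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ExecutablePath([string]$Command) {
    # Take the first token of the command line, honouring a quoted path with spaces.
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($Command -match '^\s*(\S+)')    { return $Matches[1] }
    return $null
}

function Test-ManagedAssembly([string]$Path) {
    # GetAssemblyName succeeds only for CLR images; native PE files throw BadImageFormatException.
    try {
        [void][System.Reflection.AssemblyName]::GetAssemblyName($Path)
        return $true
    } catch {
        return $false
    }
}

foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata the registry provider adds.
        if ($p.Name -like 'PS*') { continue }
        $exe = Get-ExecutablePath ([string]$p.Value)
        if (-not $exe) { continue }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $exists  = Test-Path -LiteralPath $exe
        $managed = $exists -and (Test-ManagedAssembly $exe)
        $sig     = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'Missing' }
        [PSCustomObject]@{
            Key       = $key
            Name      = $p.Name
            Target    = $exe
            DotNet    = $managed
            Signature = $sig
        }
    }
}
```

Run it in an elevated session so HKLM entries are readable, and review rows where DotNet is True and Signature is not Valid; a managed, unsigned binary in a user-writable path is the combination worth pulling for analysis. Heavy obfuscation of the kind this entry describes does not change the result of the managed-image check, which reads only the PE headers.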
Name: Operation PowerBand
Modified Date: 2020-02-24
Sources: (none listed)