PowerExchange
The MITRE Corporation
· Published 27/11/2024 20:36 · Modified 27/03/2026 01:03
Family
Essential information
- Confidence: 100/100
- Is family: Yes
- Published: 27/11/2024 20:36
- Modified: 27/03/2026 01:03
- Revoked: No
- Author / Source: The MITRE Corporation
- Related entities: 15 attack patterns (MITRE), 1 intrusion set (APT), 1 sector, 11 countries, 26 indicators
Description
[PowerExchange](https://attack.mitre.org/software/S1173) is a PowerShell backdoor that has been used by [OilRig](https://attack.mitre.org/groups/G0049) since at least 2023, including against government targets in the Middle East.(Citation: Symantec Crambus OCT 2023)
Marking (TLP)
TLP:CLEAR Copyright 2015-2025, The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation.
Related entities
Attack patterns, malware, vulnerabilities, indicators, intrusion sets and other entities linked to this malware.
Attack patterns (MITRE) (15)
Intrusion sets (APT) (1)
- The MITRE Corporation · Confidence 100
  [OilRig](https://attack.mitre.org/groups/G0049) is a suspected Iranian threat group that has targeted Middle Eastern and international victims since at least 2014. The group has targeted a variety of sectors, including…
Sectors (1)
- Government (targets)
Countries (11)
- United States of America (targets)
- Kuwait (targets)
- Qatar (targets)
- Saudi Arabia (targets)
- Israel (targets)
- Lebanon (targets)
- Jordan (targets)
- Türkiye (targets)
- United Arab Emirates (targets)
- Albania (targets)
- Iraq (targets)
Indicators (26)
- stix 100/100 · Revoked · Valid until 22/01/2025 · Source: AlienVault