Malware

PoshC2

First seen: 2017-01 • Status: active

Currently Active Threat

PoshC2 is an open-source command and control framework that uses PowerShell.

Overview

PoshC2 is a proxy-aware C2 framework using PowerShell. It supports multiple implant types.

How It Spreads

  • Post-exploitation

What It Does

  • Command and control
  • PowerShell-based

Target Platforms

Windows

Detection Tips

  • Monitor PowerShell execution

MITRE ATT&CK Techniques

T1071, T1059

If You're Infected

  1. Investigate full compromise

Related Malware

PowerShell Empire
