Malware
PowerShell Empire
First seen: 2015-01 • Status: active
Currently Active Threat
PowerShell Empire is a hacking tool that runs entirely in PowerShell. It is open-source and used by many attackers.
Overview
PowerShell Empire is an open-source post-exploitation framework. Although its development paused, it is still used in attacks.
Also Known As
Empire
How It Spreads
- Post-exploitation deployment
What It Does
- Post-exploitation
- Lateral movement
- Credential theft
Target Platforms
Windows
Detection Tips
- Monitor PowerShell activity
- Watch for Empire signatures
MITRE ATT&CK Techniques
T1059, T1003
If You're Infected
1. Assume credential compromise