{
	"id": "8f9b38ce-4fba-4a15-9f12-2f1479c0cab1",
	"created_at": "2026-04-06T00:19:20.299263Z",
	"updated_at": "2026-04-10T03:32:43.702938Z",
	"deleted_at": null,
	"sha1_hash": "53e7c799a962598320df79c0133c81910b39bf19",
	"title": "POWERBAND (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 33177,
	"plain_text": "POWERBAND (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 20:20:12 UTC\r\nwin.powerband (Back to overview)\r\nPOWERBAND\r\nActor(s): APT33\r\n.NET variant of ps1.powerton.\r\nReferences\r\n2020-02-12 ⋅ Telsy ⋅ Telsy\r\nMeeting POWERBAND: The APT33 .NET POWERTON Variant\r\nPOWERTON POWERBAND\r\nThere is no Yara-Signature yet.\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.powerband\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.powerband\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.powerband"
	],
	"report_names": [
		"win.powerband"
	],
	"threat_actors": [
		{
			"id": "a63c994f-d7d6-4850-a881-730635798b90",
			"created_at": "2025-08-07T02:03:24.788883Z",
			"updated_at": "2026-04-10T02:00:03.785146Z",
			"deleted_at": null,
			"main_name": "COBALT TRINITY",
			"aliases": [
				"APT33 ",
				"Elfin ",
				"HOLMIUM ",
				"MAGNALIUM ",
				"Peach Sandstorm ",
				"Refined Kitten ",
				"TA451 "
			],
			"source_name": "Secureworks:COBALT TRINITY",
			"tools": [
				"AutoCore",
				"Cadlotcorg",
				"Dello RAT",
				"FalseFont",
				"Imminent Monitor",
				"KDALogger",
				"Koadic",
				"NanoCore",
				"NetWire",
				"POWERTON",
				"PoshC2",
				"Poylog",
				"PupyRAT",
				"Schoolbag"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "e5ff825b-0456-4013-b90a-971b93def74a",
			"created_at": "2022-10-25T15:50:23.824058Z",
			"updated_at": "2026-04-10T02:00:05.377261Z",
			"deleted_at": null,
			"main_name": "APT33",
			"aliases": [
				"APT33",
				"HOLMIUM",
				"Elfin",
				"Peach Sandstorm"
			],
			"source_name": "MITRE:APT33",
			"tools": [
				"PowerSploit",
				"AutoIt backdoor",
				"PoshC2",
				"Mimikatz",
				"NanoCore",
				"DEADWOOD",
				"StoneDrill",
				"POWERTON",
				"LaZagne",
				"TURNEDUP",
				"NETWIRE",
				"Pupy",
				"ftp"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "b23e717c-0b27-47e0-b3c8-4defe6dd857f",
			"created_at": "2023-01-06T13:46:38.367369Z",
			"updated_at": "2026-04-10T02:00:02.945356Z",
			"deleted_at": null,
			"main_name": "APT33",
			"aliases": [
				"Elfin",
				"MAGNALLIUM",
				"HOLMIUM",
				"COBALT TRINITY",
				"G0064",
				"ATK35",
				"Peach Sandstorm",
				"TA451",
				"APT 33",
				"Refined Kitten"
			],
			"source_name": "MISPGALAXY:APT33",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434760,
	"ts_updated_at": 1775791963,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/53e7c799a962598320df79c0133c81910b39bf19.pdf",
		"text": "https://archive.orkl.eu/53e7c799a962598320df79c0133c81910b39bf19.txt",
		"img": "https://archive.orkl.eu/53e7c799a962598320df79c0133c81910b39bf19.jpg"
	}
}