Threat Group Cards: A Threat Actor Encyclopedia
Archived: 2026-04-05 13:23:19 UTC
Home > List all groups > List all tools > List all groups using tool PowerStallion
 Tool: PowerStallion
Names PowerStallion
Category Malware
Type Backdoor
Description
(ESET) PowerStallion is a lightweight PowerShell backdoor using Microsoft OneDrive,
a storage service in the cloud, as C&C server. The credentials are hardcoded at the
beginning of the script.
Information MITRE ATT&CK Last change to this tool card: 22 April 2020
Download this tool card in JSON format
All groups using tool PowerStallion
Changed Name Country Observed
APT groups
 Turla, Waterbug, Venomous Bear 1996-2024
1 group listed (1 APT, 0 other, 0 unknown)
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8ee24910-db8b-454e-a322-aa5a37c51aa9
https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=8ee24910-db8b-454e-a322-aa5a37c51aa9
Page 1 of 1