Threat Group Cards: A Threat Actor Encyclopedia

Archived: 2026-04-05 20:18:59 UTC
Source: https://apt.etda.or.th/cgi-bin/listgroups.cgi?u=18ebfad6-64bd-4c68-9339-3352d14a982e

Tool: PoshC2

Names: PoshC2
Category: Tools
Type: Backdoor
Description: PoshC2 is an open source remote administration and post-exploitation framework that is publicly available on GitHub. The server-side components of the tool are primarily written in Python, while the implants are written in PowerShell. Although PoshC2 is primarily focused on Windows implantation, it does contain a basic Python dropper for Linux/macOS.
Information: MITRE ATT&CK, Malpedia, AlienVault OTX
Last change to this tool card: 14 May 2020

All groups using tool PoshC2

APT groups
Name: APT 33, Elfin, Magnallium
Observed: 2013-Apr 2024

1 group listed (1 APT, 0 other, 0 unknown)