{
	"id": "721ed29d-4df9-4799-918e-5868e3aad059",
	"created_at": "2026-04-06T00:19:44.488746Z",
	"updated_at": "2026-04-10T03:32:43.632596Z",
	"deleted_at": null,
	"sha1_hash": "cc9755220354c1f4f6d8f938db71bde768bbeebb",
	"title": "POWERTON (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 98092,
	"plain_text": "POWERTON (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-05 12:42:01 UTC\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/ps1.powerton\r\nPage 1 of 2\n\nPOWERTON\r\nActor(s): APT33\r\nThere is no description at this point.\r\nReferences\r\nYara Rules\r\n[TLP:WHITE] ps1_powerton_w0 (20190903 | No description)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/ps1.powerton\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/ps1.powerton\r\nPage 2 of 2",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/ps1.powerton"
	],
	"report_names": [
		"ps1.powerton"
	],
	"threat_actors": [
		{
			"id": "a63c994f-d7d6-4850-a881-730635798b90",
			"created_at": "2025-08-07T02:03:24.788883Z",
			"updated_at": "2026-04-10T02:00:03.785146Z",
			"deleted_at": null,
			"main_name": "COBALT TRINITY",
			"aliases": [
				"APT33 ",
				"Elfin ",
				"HOLMIUM ",
				"MAGNALIUM ",
				"Peach Sandstorm ",
				"Refined Kitten ",
				"TA451 "
			],
			"source_name": "Secureworks:COBALT TRINITY",
			"tools": [
				"AutoCore",
				"Cadlotcorg",
				"Dello RAT",
				"FalseFont",
				"Imminent Monitor",
				"KDALogger",
				"Koadic",
				"NanoCore",
				"NetWire",
				"POWERTON",
				"PoshC2",
				"Poylog",
				"PupyRAT",
				"Schoolbag"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "e5ff825b-0456-4013-b90a-971b93def74a",
			"created_at": "2022-10-25T15:50:23.824058Z",
			"updated_at": "2026-04-10T02:00:05.377261Z",
			"deleted_at": null,
			"main_name": "APT33",
			"aliases": [
				"APT33",
				"HOLMIUM",
				"Elfin",
				"Peach Sandstorm"
			],
			"source_name": "MITRE:APT33",
			"tools": [
				"PowerSploit",
				"AutoIt backdoor",
				"PoshC2",
				"Mimikatz",
				"NanoCore",
				"DEADWOOD",
				"StoneDrill",
				"POWERTON",
				"LaZagne",
				"TURNEDUP",
				"NETWIRE",
				"Pupy",
				"ftp"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "b23e717c-0b27-47e0-b3c8-4defe6dd857f",
			"created_at": "2023-01-06T13:46:38.367369Z",
			"updated_at": "2026-04-10T02:00:02.945356Z",
			"deleted_at": null,
			"main_name": "APT33",
			"aliases": [
				"Elfin",
				"MAGNALLIUM",
				"HOLMIUM",
				"COBALT TRINITY",
				"G0064",
				"ATK35",
				"Peach Sandstorm",
				"TA451",
				"APT 33",
				"Refined Kitten"
			],
			"source_name": "MISPGALAXY:APT33",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434784,
	"ts_updated_at": 1775791963,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cc9755220354c1f4f6d8f938db71bde768bbeebb.pdf",
		"text": "https://archive.orkl.eu/cc9755220354c1f4f6d8f938db71bde768bbeebb.txt",
		"img": "https://archive.orkl.eu/cc9755220354c1f4f6d8f938db71bde768bbeebb.jpg"
	}
}