Tool: EmpireProject| Names | EmpireProject Empire EmPyre PowerShell Empire | |
| Category | Tools | |
| Type | Backdoor | |
| Description | Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premeiered at HackMiami 2016. | |
| Information | <https://github.com/EmpireProject> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0363/> | |
Last change to this tool card: 22 April 2020
Download this tool card in JSON format
Previous: EmpireDNSAgent
Next: Empoder
| Changed | Name | Country | Observed | ||
APT groups | |||||
| APT 19, Deep Panda, C0d0so0 |  | 2013-May 2019 |  | ||
| APT 33, Elfin, Magnallium |  | 2013-Nov 2019 | |||
| CopyKittens, Slayer Kitten | | 2013-Jan 2017 | |||
| FIN10 | [Unknown] | 2016 | |||
| Indrik Spider |  | 2014-Jun 2021  | | ||
| LazyScripter | [Unknown] | 2018 | |||
| LockBit Gang | [Unknown] | 2019-Aug 2021 | |||
| MuddyWater, Seedworm, TEMP.Zagros, Static Kitten | | 2017-Feb 2021 | | ||
| Turla, Waterbug, Venomous Bear | | 1996-Feb 2021 | |||
| WIRTE Group | [Middle East] | 2018 | |||
10 groups listed (10 APT, 0 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |