Tool: EmpireProject| Names | EmpireProject Empire EmPyre PowerShell Empire | |
| Category | Tools | |
| Type | Backdoor | |
| Description | Empire is a post-exploitation framework that includes a pure-PowerShell2.0 Windows agent, and a pure Python 2.6/2.7 Linux/OS X agent. It is the merge of the previous PowerShell Empire and Python EmPyre projects. The framework offers cryptologically-secure communications and a flexible architecture. On the PowerShell side, Empire implements the ability to run PowerShell agents without needing powershell.exe, rapidly deployable post-exploitation modules ranging from key loggers to Mimikatz, and adaptable communications to evade network detection, all wrapped up in a usability-focused framework. PowerShell Empire premiered at BSidesLV in 2015 and Python EmPyre premeiered at HackMiami 2016. | |
| Information | <https://github.com/EmpireProject> | |
| MITRE ATT&CK | <https://attack.mitre.org/software/S0363/> | |
Last change to this tool card: 22 April 2020
Download this tool card in JSON format
Previous: EmpireDNSAgent
Next: Enfal
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | APT 19, Deep Panda, C0d0so0 |  | 2013-May 2019 |  | |
| APT 33, Elfin, Magnallium |  | 2013-Nov 2019 | ||
| CopyKittens, Slayer Kitten | | 2013-Jan 2017 | |||
| FIN10 | [Unknown] | 2016 | |||
| MuddyWater, Seedworm, TEMP.Zagros, Static Kitten | | 2017-Dec 2020  | | |
| Turla, Waterbug, Venomous Bear |  | 1996-Jun 2020 | ||
| WIRTE Group | [Middle East] | 2018 | |||
Other groups | |||||
| Indrik Spider | | 2014-Jul 2020 | | |
8 groups listed (7 APT, 1 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |