1. Home
  2. Software
  3. PowerPunch

PowerPunch

PowerPunch is a lightweight downloader that has been used by Gamaredon Group since at least 2021.[1]

ID: S0685
Type: MALWARE
Platforms: Windows
Version: 1.1
Created: 18 February 2022
Last Modified: 22 March 2023
Enterprise Layer
download view

Techniques Used

Domain ID Name Use
Enterprise T1059 .001 Command and Scripting Interpreter: PowerShell

PowerPunch has the ability to execute through PowerShell.[1]
Enterprise T1480 .001 Execution Guardrails: Environmental Keying

PowerPunch can use the volume serial number from a target host to generate a unique XOR key for the next stage payload.[1]
Enterprise T1105 Ingress Tool Transfer

PowerPunch can download payloads from adversary infrastructure.[1]
Enterprise T1027 .010 Obfuscated Files or Information: Command Obfuscation

PowerPunch can use Base64-encoded scripts.[1]

Groups That Use This Software

ID Name References
G0047 Gamaredon Group

[1]

References

  1. Microsoft Threat Intelligence Center. (2022, February 4). ACTINIUM targets Ukrainian organizations. Retrieved February 18, 2022.