Threat Encyclopedia

Backdoor.Empire

Description

This indicates detection of Empire Framework backdoor traffic within the network.
Backdoor trojans have the capability to connect to remote hosts and perform actions against the compromised system. Empire is a post-exploitation framework. The framework offers cryptologically-secure communications and a flexible architecture. It uses PowerShell and Python scripts.

Affected Products

Any system that has been compromised is vulnerable to the attack.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

The signature can be set to "Block" to block this application.
The signature can be set to "Quarantine" to block the attacker IPs.
Please use Anti-Virus software to scan and clean the system.