Backdoor.Empire
Description
This indicates detection of Empire Framework backdoor traffic within the network.
Backdoor trojans can connect to remote hosts and perform actions against the compromised system. Empire is a post-exploitation framework. The framework offers cryptologically-secure communications and a flexible architecture. It uses PowerShell and Python scripts.
Affected Products
Any compromised system is vulnerable to the attack.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
The signature can be set to "Block" to block this application.
The signature can be set to "Quarantine" to block the attacker IPs.
Please use Anti-Virus software to scan and clean the system.
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-09-08 | 18.153 | Sig Added |
2021-04-08 | 18.054 | Sig Added |
2020-11-05 | 16.957 | Sig Added |
2019-11-19 | 14.726 | Sig Added |
2019-08-22 | 14.675 | Sig Added |
2019-08-20 | 14.672 | Sig Added |
2019-01-03 | 13.517 | Sig Added |