Backdoor.Empire

Description

This indicates detection of Empire Framework backdoor traffic within the network.
Backdoor trojans have the capability to connect to remote hosts and perform actions against the compromised system. Empire is a post-exploitation framework whose agents run on the compromised host and communicate with an attacker-controlled listener. The framework offers cryptographically secure communications and a flexible, modular architecture. Its agents are implemented as PowerShell and Python scripts.
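As an added illustration (not code from this page or from the Empire project), the following Python runs a simple detector over constructed web-proxy log lines. The URIs and User-Agent string it looks for are the defaults of Empire's HTTP listener profile as assumed by the author of this example; operators routinely change that profile, and the default User-Agent is a genuine Internet Explorer 11 string, so a single indicator is a lead, not a verdict. The log format is constructed for the example.

```python
"""Toy detector for Empire default HTTP listener traffic over proxy logs.

Added example; not code from the page or from the Empire project. The indicators
are ASSUMED to be Empire's default HTTP listener profile (DefaultProfile option);
verify them against the Empire version you are hunting for.
"""
import re
from collections import defaultdict

# Assumed Empire HTTP listener defaults (operators can and do change these).
EMPIRE_DEFAULT_URIS = {"/admin/get.php", "/news.php", "/login/process.php"}
EMPIRE_DEFAULT_UA = "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"

# Constructed proxy log format:
#   <ts> <src_ip> <method> <host> <uri> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<uri>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Constructed sample: one benign hit on a common path, one beaconing agent,
# one real IE11 browser, and one unparseable line.
SAMPLE_LOG = [
    '2021-09-08T10:00:01Z 10.0.0.12 GET cdn.example.net /news.php 200 '
    '"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0 Safari/537.36"',
    '2021-09-08T10:00:05Z 10.0.0.45 GET 203.0.113.7 /admin/get.php 200 '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    '2021-09-08T10:00:10Z 10.0.0.45 GET 203.0.113.7 /admin/get.php 200 '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    '2021-09-08T10:00:15Z 10.0.0.45 POST 203.0.113.7 /login/process.php 200 '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    '2021-09-08T10:00:20Z 10.0.0.77 GET intranet.example.com /index.html 200 '
    '"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"',
    'garbage line that does not parse',
]


def parse_line(line):
    """Parse one constructed proxy log line into a dict, or None if malformed."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def score(rec):
    """Score one request: +2 per matching indicator, with the reasons."""
    points, reasons = 0, []
    if rec["uri"] in EMPIRE_DEFAULT_URIS:
        points += 2
        reasons.append("default Empire URI")
    if rec["ua"] == EMPIRE_DEFAULT_UA:
        points += 2
        reasons.append("default Empire User-Agent")
    return points, reasons


def detect(lines, threshold=3):
    """Aggregate evidence per source IP and return the hosts at or above threshold.

    A lone URI hit (a real site may serve /news.php) or a lone User-Agent hit
    (a real IE11 on Windows 7) scores 2 and stays below the default threshold;
    a request carrying both indicators scores 4, and a beaconing agent repeats it.
    """
    per_host = defaultdict(lambda: {"score": 0, "hits": 0, "reasons": set()})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed input rather than crash the hunt
        points, reasons = score(rec)
        if points:
            entry = per_host[rec["src"]]
            entry["score"] += points
            entry["hits"] += 1
            entry["reasons"].update(reasons)
    return {src: h for src, h in per_host.items() if h["score"] >= threshold}


if __name__ == "__main__":
    for src, info in detect(SAMPLE_LOG).items():
        print(f"{src}: {info['hits']} suspicious requests, "
              f"score {info['score']}, reasons {sorted(info['reasons'])}")
```

On the constructed sample only 10.0.0.45 is reported; the Chrome client fetching /news.php and the genuine IE11 browser each score 2 and are left alone. Any real deployment should key on the listener profile actually observed in the environment rather than these assumed defaults.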

Affected Products

Any compromised system running an Empire agent is affected; the signature is platform-independent.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

The signature can be set to "Block" to block this traffic.
The signature can be set to "Quarantine" to block the attacker IPs.
Use Anti-Virus software to scan and clean the affected system, and investigate how the Empire agent was delivered, since the signature detects the post-exploitation channel rather than the initial compromise.


Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-09-08 18.153 Sig Added
2021-04-08 18.054 Sig Added
2020-11-05 16.957 Sig Added
2019-11-19 14.726 Sig Added
2019-08-22 14.675 Sig Added
2019-08-20 14.672 Sig Added
2019-01-03 13.517 Sig Added