HOMETHREATSPOWERPLANT
MALWARE FAMILY

POWERPLANT

Internal ID: ps1.powerplant
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

This powershell code is a PowerShell written backdoor used by FIN7. Regarding to Mandiant that is was revealed to be a "vast backdoor framework with a breadth of capabilities, depending on which modules are delivered from the C2 server."

Threat Analysis

POWERPLANT is a malware family tracked by threat intelligence researchers and catalogued in the Malpedia dataset. It represents a distinct malicious software lineage with identifiable code characteristics, behaviors, and victimology.

External References

Quick Facts

TypeMalware Family
Aliases1

Also Known As

ps1.powerplant

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.