Rewterz Threat Alert – PowDesk Malware – IoCs

Tuesday, January 14, 2020



Analysis Summary

PowDesk is a simple, PowerShell-based malware targeting hosts that run the LANDesk Management Agent. It shares similarities with QUADAGENT, a previously reported malware of the APT34 group (also known as OilRig and HelixKitten); however, PowDesk itself appears to be completely new. The malware is compatible with both 32-bit and 64-bit systems and exfiltrates the infected computer's name through a PHP page hosted on the C&C server. After analyzing the malware's behavior.


Exposure of sensitive information

Indicators of Compromise


  • 8406ca490c60ec41569b35f31f1860ff4663bba44d1daac64760ecdfe694203d




  • Block all threat indicators at your respective controls.
  • Always be suspicious about emails sent by unknown senders.
  • Never click on the links/attachments sent by unknown senders.

Copyright © Rewterz. All rights reserved.