Skuggaheimar/Threat Intelligence/PowerShell Injectors
POWERSHELL INJECTORS
POWERSHELL INJECTOR
SECURITY TOOL / TECHNIQUE
VARIOUS
Threat IntelligenceMalwareMay 28, 202515 min read

PowerShell Injectors: Threat Intelligence Profile

PowerShell-based malware delivery

Scroll

PowerShell Injectors (also known as PowerShell Injector, PS Injector) is a security tool / technique active since Ongoing. PowerShell-based malware delivery. Key characteristics include: in-memory execution, AMSI bypass, reflective loading, cradle techniques, fileless malware delivery.

Overview & Background

PowerShell-based malware delivery. First identified in Ongoing, this threat is attributed to Various.

Threat Assessment

PowerShell Injectors remains an active threat. Organizations should implement detection rules and monitor for indicators associated with this security tool / technique.

Technical Analysis

PowerShell Injectors employs the following capabilities and techniques:

MITRE ATT&CK Mapping

TacticTechniqueUsage
Initial AccessT1566.001 Phishing AttachmentCommon delivery vector
ExecutionT1204.002 Malicious FileUser-triggered execution
PersistenceT1547.001 Registry Run KeysAutostart persistence
Defense EvasionT1027 Obfuscated FilesPayload obfuscation
C2T1071.001 Web ProtocolsHTTP/HTTPS C2

Detection & Defense

Defend Against PowerShell Injectors

Mjolnir Security provides detection and response capabilities against PowerShell Injectors and similar threats.

Threat DetectionIncident ResponseThreat HuntingMDR ServicesThreat Intelligence
  • Proactive Threat Hunting Hunt for PowerShell Injectors indicators and TTPs within your environment.
  • Threat Intelligence Monitor PowerShell Injectors campaigns and infrastructure changes.
  • 24/7 Incident Response Rapid containment and forensic investigation. Call +1 833 403 5875.
Written by: Mjolnir Security  |  Published: May 28, 2025
Related Reports
Tool

Cobalt Strike: Adversary's Arsenal

Read Report →
Tool

Metasploit Framework

Read Report →