← All drivers
Field Guide · Family
POORTRY (Microsoft-signed malware family)
POORTRY is the kernel-mode half of a small malicious toolkit publicly disclosed by SentinelOne and Mandiant in December 2022. Notable because its samples were signed through Microsoft's WHQL program after the operators abused developer accounts in the Microsoft Partner Center. Microsoft published advisory ADV220005 and revoked the certificates.
6
Drivers
0
Vulnerable
6
Malicious
6
With Field Notes
sense5ext.sys
malicious✎
nodedriver.sys
malicious✎
pciecubed.sys
malicious✎
poortry.sys
malicious✎
poortry1.sys
malicious✎
poortry2.sys
malicious✎
Family grouping is Vera's. Status data comes from the public LOLDrivers project.
