← All drivers
Field Guide · Family

POORTRY (Microsoft-signed malware family)

POORTRY is the kernel-mode half of a small malicious toolkit publicly disclosed by SentinelOne and Mandiant in December 2022. Notable because its samples were signed through Microsoft's WHQL program after the operators abused developer accounts in the Microsoft Partner Center. Microsoft published advisory ADV220005 and revoked the certificates.

6
Drivers
0
Vulnerable
6
Malicious
6
With Field Notes

Family grouping is Vera's. Status data comes from the public LOLDrivers project.