S0145 POWERSOURCE

Platforms: 1 | ATT&CK: 14.1 | References: 3

Description

[POWERSOURCE](https://attack.mitre.org/software/S0145) is a PowerShell backdoor that is a heavily obfuscated and modified version of the publicly available tool DNS_TXT_Pwnage. It was observed in February 2017 in spearphishing campaigns against personnel involved with United States Securities and Exchange Commission (SEC) filings at various organizations. The malware was delivered when macros were enabled by the victim and a VBS script was dropped. (Citation: FireEye FIN7 March 2017) (Citation: Cisco DNSMessenger March 2017)

Platforms · 1

Windows

References

  1. https://attack.mitre.org/software/S0145
  2. http://blog.talosintelligence.com/2017/03/dnsmessenger.html
  3. https://web.archive.org/web/20180808125108/https:/www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. PowerSploit (Software)
  2. POWERTON (Software)
  3. TEXTMATE (Software)
  4. PowerShower (Software)
  5. POWERSTATS (Software)
  6. PowerStallion (Software)

Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.