Question 1

What is S0146 — TEXTMATE?

Accepted Answer

[TEXTMATE](https://attack.mitre.org/software/S0146) is a second-stage PowerShell backdoor that is memory-resident. It was observed being used along with [POWERSOURCE](https://attack.mitre.org/software/S0145) in February 2017. (Citation: FireEye FIN7 March 2017) Documented platforms: Windows.

Question 2

What is the authoritative source for S0146?

Accepted Answer

TEXTMATE (S0146) is catalogued in MITRE ATT&CK Enterprise and curated for EU compliance use cases by SQUR.

S0146TEXTMATE

Description

Platforms· 1

References

Related by meaning· 6