ps1.powersource

POWERSOURCE

Actor(s): Anunak
POWERSOURCE is a heavily obfuscated and modified version of the publicly available tool DNS_TXT_Pwnage. The backdoor uses DNS TXT requests for command and control and is installed in the registry or Alternate Data Streams.

References
cocomelonc (2023-07-26). "Malware development trick - part 35: Store payload in alternate data streams. Simple C++ example." cocomelonc. https://cocomelonc.github.io/malware/2023/07/26/malware-tricks-35.html (English; retrieved 2023-07-28).
Families covered: Valak, POWERSOURCE, Gazer, PowerDuke

ANSSI (2022-04-27). "LE GROUPE CYBERCRIMINEL FIN7" (The FIN7 cybercriminal group). Technical report, ANSSI. https://cert.ssi.gouv.fr/uploads/20220427_NP_TLPWHITE_ANSSI_FIN7.pdf (French; retrieved 2022-05-05).
Families covered: Bateleur, BELLHOP, Griffon, SQLRat, POWERSOURCE, Andromeda, BABYMETAL, BlackCat, BlackMatter, BOOSTWRITE, Carbanak, Cobalt Strike, DNSMessenger, Dridex, DRIFTPIN, Gameover P2P, MimiKatz, Murofet, Qadars, Ranbyus, SocksBot

Regina Elwell and Katie Nickels (2018-10-01). "ATT&CKing FIN7." Technical report, FireEye. https://summit.fireeye.com/content/dam/fireeye-www/summit/cds-2018/presentations/cds18-technical-s05-att&cking-fin7.pdf (English; retrieved 2020-06-25).
Families covered: Bateleur, BELLHOP, Griffon, ANTAK, POWERPIPE, POWERSOURCE, HALFBAKED, BABYMETAL, Carbanak, Cobalt Strike, DNSMessenger, DRIFTPIN, PILLOWMINT, SocksBot

Jordan Nuce, Barry Vengerik and Steve Miller (2017-03-07). "FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings." FireEye. https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html (English; retrieved 2019-12-20).
Families covered: POWERSOURCE, FIN7

There is no YARA signature yet.