POWERSOURCE is a heavily obfuscated and modified version of the publicly available tool DNS_TXT_Pwnage. The backdoor uses DNS TXT requests for command and control and is installed in the registry or Alternate Data Streams.
2018-10-01 ⋅ FireEye
Bateleur BELLHOP Griffon ANTAK POWERPIPE POWERSOURCE HALFBAKED BABYMETAL Carbanak Cobalt Strike DNSMessenger DRIFTPIN PILLOWMINT SocksBot
2017-03-07 ⋅ FireEye
FIN7 Spear Phishing Campaign Targets Personnel Involved in SEC Filings
There is no Yara-Signature yet.