POWERSOURCE

Description

(FireEye) POWERSOURCE is a heavily obfuscated and modified version of the publicly available tool DNS_TXT_Pwnage. The backdoor uses DNS TXT requests for command and control and is installed in the registry or Alternate Data Streams. Using DNS TXT records to communicate is not an entirely new finding, but it should be noted that this has been a rising trend since 2013 likely because it makes detection and hunting for command and control traffic difficult.

Names

Name
POWERSOURCE

Type

Backdoor

Information

https://www.fireeye.com/blog/threat-research/2017/03/fin7_spear_phishing.html

Mitre Attack

https://attack.mitre.org/software/S0145/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/ps1.powersource

Other Information

Uuid

bfd159e4-ca5e-493f-a580-a1c803026c5d

Last Card Change

2020-04-23

Threat Intelligence Garden

Explorer

POWERSOURCE

POWERSOURCE

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks