POWERTRASH (3192d79f-2a24-4461-b4c8-4b40ef7c163f)
A PowerShell-based, in-memory loader that executes embedded payloads.[Mandiant FIN7 April 4 2022] According to Mandiant, POWERTRASH is a "uniquely obfuscated" version of PowerSploit's Invoke-Shellcode.ps1 shellcode invoker module known to be used by FIN7.[GitHub - PowerSploit Invoke-Shellcode]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| FIN7 (4348c510-50fc-4448-ab8d-c8cededd19ff) | Tidal Groups | POWERTRASH (3192d79f-2a24-4461-b4c8-4b40ef7c163f) | Tidal Software | 1 |