POWERSOURCE (a4700431-6578-489f-9782-52e394277296)

POWERSOURCE is a PowerShell backdoor that is a heavily obfuscated and modified version of the publicly available tool DNS_TXT_Pwnage. It was observed in February 2017 in spearphishing campaigns against personnel involved with United States Securities and Exchange Commission (SEC) filings at various organizations. The malware was delivered when macros were enabled by the victim and a VBS script was dropped. [FireEye FIN7 March 2017] [Cisco DNSMessenger March 2017]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
| --- | --- | --- | --- | --- |
| POWERSOURCE (a4700431-6578-489f-9782-52e394277296) | Tidal Software | FIN7 (4348c510-50fc-4448-ab8d-c8cededd19ff) | Tidal Groups | 1 |