Malware: TEXTMATE

Description

[TEXTMATE](https://attack.mitre.org/software/S0146) is a second-stage PowerShell backdoor that is memory-resident. It was observed being used along with [POWERSOURCE](https://attack.mitre.org/software/S0145) in February 2017. (Citation: FireEye FIN7 March 2017)

External References

• mitre-attack
• Cisco DNSMessenger March 2017
• FireEye FIN7 March 2017

Techniques Used by This Malware

• T1059.003 — Windows Command Shell
• T1071.004 — DNS

APT Groups Using This Malware

• FIN7