Software: TEXTMATE, DNSMessenger

From enterprise
Jump to: navigation, search
TEXTMATE, DNSMessenger
Software
ID S0146
Aliases TEXTMATE, DNSMessenger
Type Malware

TEXTMATE is a second-stage PowerShell backdoor that is memory-resident. It was observed being used along with POWERSOURCE in February 2017.1

Alias Descriptions

  • TEXTMATE - 1
  • DNSMessenger - Based on similar descriptions of functionality, it appears TEXTMATE, as named by FireEye, is the same as Stage 4 of a backdoor named DNSMessenger by Cisco's Talos Intelligence Group. However, FireEye appears to break DNSMessenger into two parts: POWERSOURCE and TEXTMATE.21

Techniques Used

Groups

The following groups use this software: