TEXTMATE
MITRE
Malware Type:
Other
Other
First seen:
Unknown
Unknown
Last seen:
Unknown
Unknown
Details:
[TEXTMATE](https://attack.mitre.org/software/S0146) is a second-stage PowerShell backdoor that is memory-resident. It was observed being used along with [POWERSOURCE](https://attack.mitre.org/software/S0145) in February 2017. (Citation: FireEye FIN7 March 2017)
Aliases (105)
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
DNSMessenger
Used by Actors (1)
Metadata
| ID: | 218 |
| Created: | 13/01/2026 17:48 |
| Updated: | 06/03/2026 16:00 |