A forum for reverse engineering, OS internals and malware analysis 

Search found 13 matches: BlackPOS

Searched query: blackpos

Re: POS RAM scraper for Linux ?

 by EP_X0FF ¦  Sat Apr 18, 2015 12:45 am ¦  Forum: Malware ¦  Topic: POS RAM scraper for Linux ? ¦  Replies: 2 ¦  Views: 3503

... Sale) machines. This code demonstrates the most used technique to 'scrape' RAM. This exact technique was used in the Target credit card heist by BlackPOS. https://github.com/joren485/RamScraper Have you read the topic title before posting this copy-paste from win32 pos? @boos If they ever exist ...

Re: POS RAM scraper for Linux ?

 by grum ¦  Fri Apr 17, 2015 6:13 pm ¦  Forum: Malware ¦  Topic: POS RAM scraper for Linux ? ¦  Replies: 2 ¦  Views: 3503

... Sale) machines. This code demonstrates the most used technique to 'scrape' RAM. This exact technique was used in the Target credit card heist by BlackPOS. https://github.com/joren485/RamScraper

Re: Point-of-Sale malwares / RAM scrapers

 by SimonZerafa ¦  Thu Sep 11, 2014 12:55 pm ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 872080

Hi,

Are we all 'happy' that BlackPOS v2 is a 'real thing' and not just a hand waving argument that this or that sample is too different from BlackPOS? :-)

Regards

Simon

Re: Point-of-Sale malwares / RAM scrapers

 by jgrunz ¦  Tue Sep 09, 2014 4:47 pm ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 872080

The sample referenced by TrendMicro isn't BlackPOS. I wasn't going to call them out on it publicly, but then Krebs started grasping at straws and now everyone thinks it's BlackPOS v2. http://blog.nuix.com/2014/09/08/blackpos-v2-new-variant-or-different-family/ ...

Re: Point-of-Sale malwares / RAM scrapers

 by fade ¦  Mon Sep 08, 2014 11:02 pm ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 872080

A lot of folks are calling this BlackPoS. The main basis for this is the unique exfiltration techniques.

The t.bat file that is decoded from the Trend posting uses a bitshift & XOR key.

Re: Point-of-Sale malwares / RAM scrapers

 by EP_X0FF ¦  Mon Sep 08, 2014 8:01 am ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 872080

http://blog.trendmicro.com/trendlabs-security-intelligence/new-blackpos-malware-emerges-in-the-wild-targets-retail-accounts/ http://blog.trendmicro.com/trendlabs-security-intelligence/files/2014/08/fig4_blackpos.jpg old or new tricks by BlackPOS? I like ...

Re: Point-of-Sale malwares / RAM scrapers

 by grum ¦  Mon Sep 08, 2014 7:49 am ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 872080

Re: Point-of-Sale malwares / RAM scrapers

 by rkhunter ¦  Wed Jan 22, 2014 7:59 am ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 872080

KAPTOXA samples

ESET: Win32/Spy.POSCardStealer.R, Win32/Spy.POSCardStealer.S, Win32/Spy.POSCardStealer.T
MS: Trojan:Win32/Ploscato.A, Trojan:Win32/Ploscato.B
Symantec: Infostealer.Reedum.B
iSight: Trojan.POSRAM
or just another modification of BlackPOS

Re: Point-of-Sale malwares / RAM scrapers

 by EP_X0FF ¦  Sat Jan 18, 2014 4:13 am ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 872080

IntelCrawler: "17-years-old teenager is the author of BlackPOS/Kaptoxa malware (Target), several other breaches may be revealed soon"

http://intelcrawler.com/about/press08
http://www.kernelmode.info/forum/search ... s=BlackPOS

Re: Point-of-Sale malwares / RAM scrapers

 by Xylitol ¦  Wed Jun 05, 2013 12:27 pm ¦  Forum: Malware ¦  Topic: Point-of-Sale malwares / RAM scrapers ¦  Replies: 244 ¦  Views: 872080

BlackPOS: https://www.virustotal.com/en/file/19d347e83cd26cb7ef38ce4bd00ed248c1db2f2cb05dedd1f2c4007f128ad9be/analysis/1370434975/ https://www.virustotal.com/en/file/12643ca8c088f9abc43843fe9f5e527db8033057b7148a56a798de9bf6a9cf13/analysis/1370434985/ ...