Re: Point-of-Sale malwares / RAM scrapers

Posted: Tue Mar 03, 2015 1:12 pm
by Xylitol
https://www.virustotal.com/en/file/686d ... /analysis/

var_dump() on the gate ?
[syntax="sql"]INSERT INTO `track_storage` (cc, t1, encoding, process, ip, date) VALUES (XYL2K!, 'XYL2K!', 0, 'XYL2K!', '142.4.213.25', null) ON DUPLICATE KEY UPDATE date=now(), encoding=0, t1='XYL2K!', process='XYL2K!', ip = '142.4.213.25' [/syntax]

Re: Point-of-Sale malwares / RAM scrapers

Posted: Sat Mar 21, 2015 5:17 pm
by rkhunter
PoSeidon, A Deep Dive Into Point of Sale Malware

http://blogs.cisco.com/security/talos/poseidon

Re: Point-of-Sale malwares / RAM scrapers

Posted: Mon Mar 23, 2015 1:01 pm
by dhuss
PoSeidon same as FindPOS covered by Palo Alto: http://researchcenter.paloaltonetworks. ... iscovered/

Some samples attached:
https://www.virustotal.com/en/file/28ca ... /analysis/ - PoSeidon/FindPOS
https://www.virustotal.com/en/file/7b78 ... /analysis/ - Keylogging/LogMeIn Recon as described by Palo Alto

Re: Point-of-Sale malwares / RAM scrapers

Posted: Tue Mar 31, 2015 12:03 pm
by malwarelabs

Re: Point-of-Sale malwares / RAM scrapers

Posted: Fri Apr 03, 2015 9:34 am
by malwarelabs
JackPOS again.
Same team, other c&c.
C&C http://masco.com.sa/jackposprivate12/ad ... login=true

Re: Point-of-Sale malwares / RAM scrapers

Posted: Wed Apr 15, 2015 7:08 pm
by robemtnez

Re: Point-of-Sale malwares / RAM scrapers

Posted: Thu Apr 16, 2015 7:22 am
by Blaze
robemtnez wrote: New POS Malware Emerges - Punkey
https://www.trustwave.com/Resources/Spi ... ---Punkey/
Attached:
0a33332d200e52875c00ea98417b71621b77a9dc291e6a3bdbd69569aac670cf
e0c4696093c71a8bbcd2aef357afca6c7b7fbfe787406f6797636a67ae9b975d

Re: Point-of-Sale malwares / RAM scrapers

Posted: Thu Apr 16, 2015 5:37 pm
by grum
FighterPOS :?

http://housecall.trendmicro.com/media/w ... per-en.pdf

http://blog.trendmicro.com.br/fighterpo ... S_xNvCZFdg


https://malwr.com/analysis/MzA2MTdjODVh ... dkMWRmMmY/
Code:
D*\AC:\Users\avanni\Dropbox\BrFighter Bot\Project1.vbp
Microsoft Base Cryptographic Provider v1.0
16006833
69.195.77.74
/BrFighter/
AlE29132913
ArV2m2cGLrjF0s4s
Windows Update
systemroot
\Windows Update
appdata
\InternetExplorer.exe
vbCrLf
bot/command.php?id=

Re: Point-of-Sale malwares / RAM scrapers

Posted: Fri Apr 17, 2015 10:55 am
by byte
Any information on Powerfail - Mic3K V1.10.10?
Found it on a WinXP POS system. I have no sample yet. Maybe later.

Re: Point-of-Sale malwares / RAM scrapers

Posted: Sun May 24, 2015 12:06 pm
by Xylitol