A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #21986  by rkhunter
 Sat Jan 18, 2014 10:39 am
ok, it's all about KAPTOXA POS malware

KAPTOXA POS Report – Released Jan. 16, 2014
https://www.isightpartners.com/2014/01/ ... eport-faq/

Could a Novell vulnerability be behind the Target breach?
http://www.webroot.com/blog/2014/01/17/ ... et-breach/

A Closer Look at the Target Malware
http://krebsonsecurity.com/2014/01/a-fi ... n-malware/
http://krebsonsecurity.com/2014/01/a-cl ... e-part-ii/

http://artemonsecurity.com/20140116_POS ... alysis.pdf
 #22022  by rkhunter
 Wed Jan 22, 2014 7:59 am
KAPTOXA samples

ESET: Win32/Spy.POSCardStealer.R, Win32/Spy.POSCardStealer.S, Win32/Spy.POSCardStealer.T
MS: Trojan:Win32/Ploscato.A, Trojan:Win32/Ploscato.B
Symantec: Infostealer.Reedum.B
iSight: Trojan.POSRAM
or just another modification of BlackPOS
 #22056  by bsteo
 Sat Jan 25, 2014 4:47 pm
Xylitol wrote:
Decebal coder is retarded.
4744870016311111 is invalid Luhn and the procedure behind checks if the number is Luhn valid, so he doesn't even need to put this one on the 'blacklist' in theory.

Agree, he doesn't even have a real LUHN procedure to check, only the name.
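
The Luhn point made in the two posts above, as an added example (not code from the thread or from the sample discussed): a mod-10 check applied to digit runs found in text, the way a DLP or incident-response triage script uses it to discard false positives. Function names and the sample text are constructed for illustration; 4744870016311111 is the number quoted in the thread and 4111 1111 1111 1111 is a widely published test number.

```python
import re

# Candidate card numbers: 13-19 digits, optionally separated by single
# spaces or dashes, not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(number: str) -> bool:
    """Return True if the digits in `number` pass the Luhn (mod 10) check."""
    digits = [int(c) for c in number if c.isdigit()]
    if len(digits) < 2:
        return False
    total = 0
    # Walk right to left; double every second digit, starting with the
    # digit immediately left of the check digit.
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9  # same as summing the two digits of the product
        total += d
    return total % 10 == 0


def triage_pan_candidates(text: str):
    """Split digit runs found in `text` into (luhn_valid, luhn_invalid) lists."""
    valid, invalid = [], []
    for m in PAN_CANDIDATE.finditer(text):
        pan = re.sub(r"[ -]", "", m.group())
        (valid if luhn_valid(pan) else invalid).append(pan)
    return valid, invalid


# Constructed sample text: the number from the thread, a published test
# number, and a timestamp-like digit run that is not a card number.
SAMPLE = (
    "alpha: 4744870016311111\n"
    "bravo: 4111 1111 1111 1111\n"
    "charlie: ts=20140125164700123\n"
)

if __name__ == "__main__":
    ok, bad = triage_pan_candidates(SAMPLE)
    print("Luhn-valid:  ", ok)
    print("Luhn-invalid:", bad)
```

With a working check, the number from the thread lands in the invalid list on its own, so a separate blacklist entry for it adds nothing.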