Point-of-Sale malwares / RAM scrapers - Page 21

Re: Point-of-Sale malwares / RAM scrapers

#25380 by Xylitol
Tue Mar 03, 2015 1:12 pm

https://www.virustotal.com/en/file/686d ... /analysis/

var_dump() on the gate ?
[syntax="sql"]INSERT INTO `track_storage` (cc, t1, encoding, process, ip, date) VALUES (XYL2K!, 'XYL2K!', 0, 'XYL2K!', '142.4.213.25', null) ON DUPLICATE KEY UPDATE date=now(), encoding=0, t1='XYL2K!', process='XYL2K!', ip = '142.4.213.25' [/syntax]

Attachments

LogPOS.zip

infected
(10.16 KiB) Downloaded 132 times

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact

Re: Point-of-Sale malwares / RAM scrapers

#25487 by rkhunter
Sat Mar 21, 2015 5:17 pm

PoSeidon, A Deep Dive Into Point of Sale Malware

http://blogs.cisco.com/security/talos/poseidon

Username

rkhunter

Posts

1156

Joined

Mon Mar 15, 2010 12:51 pm

Location

Russian Federation

Contact

Re: Point-of-Sale malwares / RAM scrapers

#25497 by dhuss
Mon Mar 23, 2015 1:01 pm

PoSeidon same as FindPOS covered by Palo Alto: http://researchcenter.paloaltonetworks. ... iscovered/

Some samples attached:
https://www.virustotal.com/en/file/28ca ... /analysis/ - PoSeidon/FindPOS
https://www.virustotal.com/en/file/7b78 ... /analysis/ - Keylogging/LogMeIn Recon as described by Palo Alto

Attachments

samples.7z

pwd: infected
(285.49 KiB) Downloaded 114 times

Username

dhuss

Posts

7

Joined

Mon Apr 14, 2014 4:17 pm

Re: Point-of-Sale malwares / RAM scrapers

#25540 by malwarelabs
Tue Mar 31, 2015 12:03 pm

JackPOS.
C&C http://partners-fx.com/jackposprivate12 ... login=true
http://partners-fx.com/jackposprivate12/php.ini -_-

Attachments

t2.7z

infected
(55.93 KiB) Downloaded 93 times

Username

malwarelabs

Posts

44

Joined

Tue Dec 10, 2013 9:07 am

Re: Point-of-Sale malwares / RAM scrapers

#25570 by malwarelabs
Fri Apr 03, 2015 9:34 am

JackPOS again.
Same team, other c&c.
C&C http://masco.com.sa/jackposprivate12/ad ... login=true

Attachments

v2.7z

infected
(55.93 KiB) Downloaded 99 times

Username

malwarelabs

Posts

44

Joined

Tue Dec 10, 2013 9:07 am

Re: Point-of-Sale malwares / RAM scrapers

#25648 by robemtnez
Wed Apr 15, 2015 7:08 pm

New POS Malware Emerges - Punkey

https://www.trustwave.com/Resources/Spi ... ---Punkey/

Username

robemtnez

Posts

15

Joined

Tue Feb 03, 2015 4:11 pm

Re: Point-of-Sale malwares / RAM scrapers

#25651 by Blaze
Thu Apr 16, 2015 7:22 am

robemtnez wrote:New POS Malware Emerges - Punkey
https://www.trustwave.com/Resources/Spi ... ---Punkey/

Attached:
0a33332d200e52875c00ea98417b71621b77a9dc291e6a3bdbd69569aac670cf
e0c4696093c71a8bbcd2aef357afca6c7b7fbfe787406f6797636a67ae9b975d

Attachments

Punkey.zip

(463.59 KiB) Downloaded 101 times

Username

Blaze

Posts

198

Joined

Fri Aug 27, 2010 7:35 am

Contact

Re: Point-of-Sale malwares / RAM scrapers

#25660 by grum
Thu Apr 16, 2015 5:37 pm

FighterPOS :?

http://housecall.trendmicro.com/media/w ... per-en.pdf

http://blog.trendmicro.com.br/fighterpo ... S_xNvCZFdg

https://malwr.com/analysis/MzA2MTdjODVh ... dkMWRmMmY/

Code: Select all

D*\AC:\Users\avanni\Dropbox\BrFighter Bot\Project1.vbp
Microsoft Base Cryptographic Provider v1.0
16006833
69.195.77.74
/BrFighter/
AlE29132913
ArV2m2cGLrjF0s4s
Windows Update
systemroot
\Windows Update
appdata
\InternetExplorer.exe
vbCrLf
bot/command.php?id=

Username

grum

Posts

38

Joined

Tue Nov 06, 2012 12:16 pm

Re: Point-of-Sale malwares / RAM scrapers

#25666 by byte
Fri Apr 17, 2015 10:55 am

Any information to Powerfail - Mic3K V1.10.10 ?
Found it on a WinXP Pos System. I have no sample yet. Maybe later.

Username

byte

Posts

1

Joined

Sun Mar 15, 2015 5:29 am

Re: Point-of-Sale malwares / RAM scrapers

#25922 by Xylitol
Sun May 24, 2015 12:06 pm

NitlovePOS: Another New POS Malware ~ https://www.fireeye.com/blog/threat-res ... other.html
https://www.virustotal.com/en/file/0aa4 ... 432469029/
https://www.virustotal.com/en/file/2a1f ... 432469031/

Attachments

NitlovePOS.zip

infected
(179.27 KiB) Downloaded 91 times

Registration Problems and FAQ - Rules For Malware Requests

Username

Xylitol

Rank

Global Moderator

Posts

1706

Joined

Sat Apr 10, 2010 5:54 pm

Location

Seireitei, Soul Society

Contact