
Threat Group Cards: A Threat Actor Encyclopedia

Tool: BrutPOS

Names: BrutPOS

Category: Malware

Type: POS malware, Backdoor, Credential stealer, Botnet

Description: (FireEye) There have been an increasing number of headlines about breaches at retailers in which attackers have made off with credit card data after compromising point-of-sale (POS) terminals. However, what is not commonly discussed is the fact that one third of these breaches are a result of weak default passwords in the remote administration software that is typically installed on these systems. While advanced exploits generate a lot of interest, sometimes it’s defending the simple attacks that can keep your company from the headlines.

In this report, we document a botnet that we call BrutPOS which uses thousands of compromised computers to scan specified IP address ranges for RDP servers that have weak or default passwords in an effort to locate vulnerable POS systems.

Information:
<https://www.fireeye.com/blog/threat-research/2014/07/brutpos-rdp-bruteforcing-botnet-targeting-pos-systems.html>
<https://www.trendmicro.de/cloud-content/us/pdfs/security-intelligence/white-papers/wp-pos-ram-scraper-malware.pdf>

Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.brutpos>

Last change to this tool card: 24 May 2020


All groups using tool BrutPOS

Changed | Name | Country | Observed

Unknown groups

 _[ Interesting malware not linked to an actor yet ]_ 

1 group listed (0 APT, 0 other, 1 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
