Home > List all groups > List all tools > List all groups using tool ModPipe

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: ModPipe

TypePOS malware, Backdoor, Info stealer, Credential stealer, Exfiltration
Description(ESET) ESET researchers have discovered ModPipe, a modular backdoor that gives its operators access to sensitive information stored in devices running ORACLE MICROS Restaurant Enterprise Series (RES) 3700 POS – a management software suite used by hundreds of thousands of bars, restaurants, hotels and other hospitality establishments worldwide.
What makes the backdoor distinctive are its downloadable modules and their capabilities. One of them – named GetMicInfo – contains an algorithm designed to gather database passwords by decrypting them from Windows registry values. This shows that the backdoor’s authors have deep knowledge of the targeted software and opted for this sophisticated method instead of collecting the data via a simpler yet “louder” approach, such as keylogging.
Exfiltrated credentials allow ModPipe’s operators access to database contents, including various definitions and configuration, status tables and information about POS transactions.

Last change to this tool card: 23 April 2021

Download this tool card in JSON format

All groups using tool ModPipe


Unknown groups

 _[ Interesting malware not linked to an actor yet ]_ 

1 group listed (0 APT, 0 other, 1 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
PGP Download PGP key