
Threat Group Cards: A Threat Actor Encyclopedia

Tool: ModPOS

Names: ModPOS
Category: Malware
Type: Reconnaissance, POS malware, Backdoor, Keylogger, Credential stealer
Description: (FireEye) ModPOS is highly modular and can be configured to target specific systems with components such as uploader/downloader, keylogger, POS RAM scraper and custom plugins for credential theft and other specialized functions like network reconnaissance. We believe other capabilities could also be leveraged. The modules are packed kernel drivers that use multiple methods of obfuscation and encryption to evade even the most sophisticated security controls.
Information: <https://www.fireeye.com/blog/threat-research/2015/11/modpos.html>
Malpedia: <https://malpedia.caad.fkie.fraunhofer.de/details/win.modpos>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:modpos>

Last change to this tool card: 23 May 2020

All groups using tool ModPOS

APT groups

| Changed | Name | Country | Observed |
|---|---|---|---|
| | Operation Black Atlas | [Unknown] | 2015 |

1 group listed (1 APT, 0 other, 0 unknown)

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
