ETDA Electronic Transactions Development Agency

Threat Group Cards: A Threat Actor Encyclopedia

Tool: RawPOS

Names: RawPOS, FIENDCRY, DUEBREW, DRIFTWOOD
Category: Malware
Type: POS malware, Backdoor, Info stealer
Description (Trend Micro): Despite being one of the oldest Point-of-Sale (PoS) RAM scraper malware families out in the wild, RawPOS (detected by Trend Micro as TSPY_RAWPOS) is still very active today, with the threat actors behind it primarily focusing on the lucrative multibillion-dollar hospitality industry. While the threat actor's tools for lateral movement, as well as RawPOS' components, remain consistent, new behavior from the malware puts its victims at greater risk via potential identity theft. Specifically, this new behavior involves RawPOS stealing the driver's license information from the user to aid in the threat group's malicious activities.
Information:
- https://blog.trendmicro.com/trendlabs-security-intelligence/rawpos-new-behavior-risks-identity-theft/
- https://usa.visa.com/dam/VCOM/download/merchants/alert-rawpos.pdf
- https://threatvector.cylance.com/en_us/home/rawpos-malware.html
MITRE ATT&CK: https://attack.mitre.org/software/S0169/
Malpedia: https://malpedia.caad.fkie.fraunhofer.de/details/win.rawpos
AlienVault OTX: https://otx.alienvault.com/browse/pulses?q=tag:rawpos
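The card describes RawPOS as a RAM scraper: it reads the memory of payment-handling processes and pulls out magnetic-stripe track data. The following is an added example, not code from the ETDA card or from any of the vendor write-ups linked above, showing the core of that technique from the defender's side: a scan of a memory-like byte buffer for ISO/IEC 7813 track 1 and track 2 records, with a Luhn check to separate real PANs from random digit runs and masking so the report never reproduces a full card number. Run over a process dump or over a suspected scraper output file, it shows what such malware would have harvested. RawPOS's own search patterns and file formats are not reproduced here (assumption: it uses a pattern search of this general kind), and the sample buffer is constructed.

```python
"""Scan a memory-like byte buffer for magnetic-stripe track data.

Added example (not from the ETDA card or any vendor write-up). The track
formats follow ISO/IEC 7813; RawPOS's own patterns are not reproduced and
SAMPLE_MEMORY below is constructed test data.
"""
import re
from typing import Dict, List

# Track 1, format B: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([A-Z /.\-]{2,26})\^(\d{4})(\d{3})([^?]{0,80})\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})([^?]{0,40})\?")


def luhn_ok(pan: bytes) -> bool:
    """Luhn check (ISO/IEC 7812) to separate real PANs from digit runs."""
    digits = [int(c) for c in pan.decode("ascii")]
    parity = len(digits) % 2
    total = 0
    for i, d in enumerate(digits):
        if i % 2 == parity:      # every second digit counted from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: bytes) -> str:
    """Keep only the BIN (first 6) and last 4 digits in any report output."""
    return pan[:6].decode() + "*" * (len(pan) - 10) + pan[-4:].decode()


def scan_buffer(buf: bytes) -> List[Dict[str, object]]:
    """Return every track-1/track-2 candidate in buf, ordered by offset."""
    hits: List[Dict[str, object]] = []
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1)
        hits.append({"track": 1, "offset": m.start(), "pan": mask_pan(pan),
                     "expiry": m.group(3).decode(), "luhn": luhn_ok(pan)})
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1)
        hits.append({"track": 2, "offset": m.start(), "pan": mask_pan(pan),
                     "expiry": m.group(2).decode(), "luhn": luhn_ok(pan)})
    hits.sort(key=lambda h: h["offset"])
    return hits


def likely_cards(buf: bytes) -> List[Dict[str, object]]:
    """Candidates that also pass Luhn: what a scraper would actually keep."""
    return [h for h in scan_buffer(buf) if h["luhn"]]


# Constructed sample: filler bytes, one track-1 and one track-2 record for the
# well-known test PAN 4111 1111 1111 1111 (Luhn-valid), and one decoy record
# whose PAN fails the Luhn check.
SAMPLE_MEMORY = (
    b"\x00\x00MSR READ\x00"
    b"%B4111111111111111^DOE/JOHN^2512101000000000?"
    b"\xff\xfe\x90\x90"
    b";4111111111111111=2512101000000000?"
    b"\x00CONFIG=;4111111111111112=2512101000000000?\x00"
)

if __name__ == "__main__":
    for h in scan_buffer(SAMPLE_MEMORY):
        print(h)
    print("Luhn-valid PANs:", len(likely_cards(SAMPLE_MEMORY)))
```

The Luhn filter is the useful part for triage: on a real dump the bare regexes also fire on serial numbers and timestamps, and a scraper that wants sellable data discards those the same way. Masking the PAN keeps the report itself from becoming cardholder data that needs PCI handling.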

Last change to this tool card: 25 May 2020



All groups using tool RawPOS

APT groups

Changed | Name | Country   | Observed
        | FIN5 | [Unknown] | 2008

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center


Report incidents: Telephone +66 (0)2-123-1227